JP2019204279A - Information processing device and program - Google Patents

Abstract

To provide an information processing device capable of setting an access authority while keeping security.SOLUTION: An information processing device 50 comprises a control unit 51 and a storage unit 52. The control unit 51: receives an accesses request to data to be approved from a first use authority without an access authority of the data to be approved; sets a common area which can be shared by the first use authority and a second use authority having the access authority of the data to be approved in the storage unit 52; receives a request range of the access request when detecting storage of access request data containing the request range of the access request in the common area; generates authentication information and stores the authentication information and the request range of the access request in the storage unit 52; and notifies a notification destination associated with the second use authority of the request range of the access request and the authentication information.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information processing apparatus and a program.

  When data processing is performed by a plurality of information processing terminals, a file server centrally manages data in order to maintain data and improve the efficiency of management. As an information processing apparatus used as a file server, for example, there is a NAS (Network Attached Storage) apparatus.

  In recent years, since many users use the NAS device with a large capacity, it is common to set a password for each user and ensure the security of the files used by the user.

  Further, not only a NAS device but also a technology that uses a password to access a file stored in a storage device is known.

JP 2010-170276 A Japanese Patent Laid-Open No. 2000-259569

  Since a plurality of users who use the file server are given access authority for each user, in principle, it is impossible to access directories and files (hereinafter also referred to as data) to which other users have access authority. . For this reason, in order to access data held by other users, it is necessary to obtain access authority by requesting a user having data access authority. In addition, in order for a plurality of users to use data jointly, it is necessary to move the data to a storage area shared by the users.

  As described above, when a user who does not have access authority to data exercises the access right on behalf of a licensee having access authority to data, the user can use all the data of the licensee. In addition, when data is moved to a shared area shared by users, the data moved to the shared area continues to be accessible from a plurality of users. For this reason, by using the access authority for data and the method of moving data to the shared area, the user's access authority (hereinafter also referred to as “user authority”) should be set appropriately while maintaining the data security. It was difficult.

  In one aspect, information that can set the access right of the licensed data while maintaining security between the first usage right that does not have permission to access the licensed data and the second usage right that has access rights to the licensed data. It is an object to provide a processing device and a program.

  In order to achieve the above object, an information processing apparatus as shown below is provided. The information processing apparatus includes a control unit and a storage unit. The control unit accepts an access request to the license target data from the first usage right that does not have the right to access the license target data, and can be shared by the first usage right and the second usage right that has the access right to the license target data. A shared area is set in the storage unit, and by detecting that access request data including the request range of the access request is stored in the shared area, the request range of the access request is accepted, authentication information is generated, and the authentication information and The request range of the access request is stored in the storage unit, and the request range of the access request and the authentication information are notified to the notification destination associated with the second usage authority.

  According to the first aspect, it is possible to set the access right of the license target data while maintaining security between the first use right that does not have the access right to the license target data and the second use right that has the access right to the license target data. .

It is a figure which shows an example of a structure of the information processing system of 1st Embodiment. It is a figure which shows an example of a structure of the information processing system of 2nd Embodiment. It is a figure which shows an example of the hardware constitutions of the NAS apparatus of 2nd Embodiment. It is a figure which shows an example of the hardware constitutions of the user terminal of 2nd Embodiment. It is a figure which shows an example of the access request information of 2nd Embodiment. It is a figure which shows an example of the access setting information of 2nd Embodiment. It is a figure which shows an example of the OTP management information of 2nd Embodiment. It is a figure which shows the sequence of the shared area control process of 2nd Embodiment. It is a figure which shows the flowchart of the mount process of 2nd Embodiment. It is a figure which shows the flowchart of the one-time password issuing process of 2nd Embodiment. It is a figure which shows the flowchart of the one-time password authentication process of 2nd Embodiment. It is a figure which shows the flowchart of the access request information detection process of 2nd Embodiment. It is a figure which shows the flowchart (the 1) of the access authentication process of 2nd Embodiment. It is a figure which shows the flowchart (the 2) of the access authentication process of 2nd Embodiment.

Hereinafter, embodiments will be described in detail with reference to the drawings.
[First Embodiment]
First, the information processing system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of the configuration of the information processing system according to the first embodiment.

  The information processing system 70 includes a first information processing device 10, a second information processing device 20, and an information processing device 50. The first information processing apparatus 10 is connected to the network connection apparatus 40 via the first network 41. The second information processing device 20 is connected to the information processing device 50 and the network connection device 40 via the second network 42. The first network 41 is, for example, a local area network such as a corporate network. The second network 42 is, for example, a wide area network such as the Internet. The network connection device 40 is a device that connects the first network 41 and the second network 42, and is, for example, a gateway device. Note that these connection configurations are merely examples, and a single network connection configuration or other connection configurations may be used.

  The first information processing apparatus 10 and the second information processing apparatus 20 are computers used by users. The first information processing apparatus 10 is a computer used by a first user, and accesses a file stored in the information processing apparatus 50 for which the first user has access authority. The second information processing device 20 is a computer used by the second user, and accesses a file for which the second user stored in the information processing device 50 has access authority.

  The information processing device 50 is a device that stores and holds various data, and is, for example, a NAS device. It is assumed that the information processing apparatus 50 manages the use authority for each user for the stored data. The information processing apparatus 50 includes a control unit 51 and a storage unit 52.

  The control unit 51 executes a program that realizes an access control method for a file. The control unit 51 authenticates access from the user to the file to be stored and accepts an operation on the file when permitting access.

  The memory | storage part 52 can memorize | store various information, for example, is HDD (Hard Disk Drive) and SSD (Solid State Drive). The storage unit 52 stores user files and stores user identification information (user ID), usage authority for each user, and notification destination (e-mail address, telephone number, etc.) for each user. In addition, the storage unit 52 sets a file shared area and an area for each user (hereinafter also referred to as an individual storage area).

  Here, in the information processing system 70, a method for giving access authority to data for which the second user has access authority will be described. The first user (use applicant) is a person who does not have access authority for the first user and wants to operate on data (licensed data) for which the second user has access authority. To do. Further, it is assumed that the second user (use licensee) is a person who permits the first user to have access authority to the data subject to permission for which the second user himself has access authority. The first information processing apparatus 10 is used by a first user, and the second information processing apparatus 20 is used by a second user. Further, the access authority possessed by the first user is referred to as a first utilization authority, and the access authority possessed by the second user is referred to as a second utilization authority. In addition, it is assumed that the usage authority possessed by each user can be identified by the identification information of the user.

  The control unit 51 of the information processing apparatus 50 receives an access request to the license target data from the first information processing apparatus 10 with the first usage authority of the first user (FIG. 1 (S1)). Note that the permission target data includes one or more files and one or more directories.

  The control unit 51 sets a shared area that can be shared by the first usage authority and the second usage authority in the storage unit 52 (FIG. 1 (S2)). The shared area is set as a directory for the licensee and the use applicant to use the file jointly, and is also referred to as a virtual directory.

  The control unit 51 receives the request range of the access request by detecting that the access request data is stored in the shared area (FIG. 1 (S3) (S4)). The access request data is created by the first user and stored in the shared area of the storage unit 52 using the first information processing apparatus 10. The access request data is data including an access request range for permission target data. The request range of the access request includes a user who has the second usage authority (use licensee), a path indicating the license target data, and an operation type (read, write, copy) for the license target data. The path indicating the license target data includes one or more file names indicating the license target data and one or more directory names indicating the storage location of the license target data.

  The control unit 51 generates authentication information, and stores the authentication information and the request range of the access request in the storage unit 52 (FIG. 1 (S5)). The authentication information is information for authenticating whether or not the user has a legitimate access right to the license target data. For example, the authentication information is a temporary use password (hereinafter also referred to as a one-time password) in which the access authority usage count and valid time are set.

  The control unit 51 notifies the request destination of the access request and the authentication information to the notification destination associated with the second usage authority (FIG. 1 (S6)). The notification destination associated with the second usage authority is the notification destination of the second user having the second usage authority, for example, the second user's mail address or telephone number.

  The control unit 51 notifies the second user of the request range of the access request and the authentication information. The second user notifies the first user of the authentication information notified from the control unit 51. As a method of contacting, there are a method using e-mail and a method of contacting by telephone. The first user accesses the license target data using the authentication information notified from the second user. When receiving the access using the authentication information, the control unit 51 permits the access to the license target data within the request range of the access request stored together with the authentication information.

  As described above, the information processing apparatus 50 can accept a use request for permission-permitted data by accepting access request data via the shared area. In addition, the information processing apparatus 50 can avoid access from the use applicant to the individual storage area of the licensee by accepting access to the license target data in the shared area, and can secure security for the individual storage area. Further, the information processing apparatus 50 can set the access authority for the permission target data within the range set in the access request data. In addition, the information processing apparatus 50 can set the number of times authentication information is used and the valid time. Thereby, the information processing apparatus 50 can give an access authority to the license target data to the user of the license target data and can restrict operations on the license target data.

  Further, the information processing apparatus 50 notifies the authentication information to the licensee who has the authority to access the data to be licensed, accepts the authentication information notified to the licensee via the usage applicant, Authenticate. For this reason, the information processing apparatus 50 indirectly confirms that the use licensee has permitted the use applicant to access the data to be licensed by notifying the use applicant of the authentication information. Can do.

  In this way, the information processing apparatus 50 can set data access authority while maintaining security between a user who does not have access authority to data and a user who has access authority.

[Second Embodiment]
Next, an information processing system according to the second embodiment will be described with reference to FIG. FIG. 2 is a diagram illustrating an example of the configuration of the information processing system according to the second embodiment.

  The information processing system 100 includes a plurality of user terminals (information processing devices) 300a, 300b, 300c,..., A NAS device 200, an authentication server 400, a gateway device 450, a LAN (Local Area Network) 420, and a WAN ( Wide Area Network) 430. Hereinafter, the user terminals 300a, 300b, 300c,... Will be referred to as the user terminal 300a unless otherwise specified.

  The user terminal 300a performs data processing for each user using a file connection function provided by the NAS device 200. The NAS device 200 is a file server that provides a file connection function to the user terminal 300a. The NAS device 200 includes a plurality of disks (storage devices) 210 and has a large capacity storage area.

  The authentication server 400 is a device that authenticates a user who uses the NAS device 200, and is a computer that manages user IDs and passwords and performs user authentication processing. The mail server 410 is a computer that controls transmission / reception of mail. The gateway device 450 is a device for interconnecting different networks and may have a firewall function.

  The LAN 420 is a communication path including wired or wireless or both, and connects the user terminals 300a, 300b,..., The NAS device 200, the authentication server 400, and the mail server 410. The LAN 420 is an example of a network connecting the user terminal 300a, the NAS device 200, the authentication server 400, the mail server 410, and the gateway device 450, and is, for example, an in-company network. The WAN 430 is an example of a network that connects the user terminal 300c and the gateway device 450, and is a wide area network different from the LAN 420, such as the Internet.

  Here, an example of a usage mode of the user A and the user B who are users who use the file stored in the NAS device 200 in the information processing system 100 will be described. The user A and the user B are in a relationship between a person who applies for the use of the file and a person who grants the use of the file. For example, the user A and the user B are employees in the same company, and are stored in the NAS device 200 based on the respective user access authority. It is assumed that the file that has been used is used. The user A uses the user terminal 300a in the company, but uses the user terminal 300c when working from home. In addition, it is assumed that the user B uses the user terminal 300b in the company. It is assumed that the user A desires to access a file to which the user B has access authority when working from home and applies to the user B for use of the file. It is assumed that user B is a licensed user who accepts an application for use of a file from user A in the company and permits user A to access a file for which user B himself has access authority. Note that the NAS device 200 manages each user with identification information (user ID).

  The NAS device 200 accepts an access request to a file for which the user B has access authority from the user terminal 300c used by the user A, and stores a shared area, such as a memory, in which the user A and the user B can share the file. Set the part. The NAS device 200 generates authentication information (one-time password) for using a file to which the user B has access authority, and notifies the user terminal 300b used by the user B of the authentication information.

  The user terminal 300b receives the operation of the user B, acquires authentication information from the NAS device 200, and notifies the user terminal 300c used by the user A. The one-time password is a password that is valid only once. Here, it is assumed that the password is valid for a predetermined time with respect to a predetermined access range. The user A using the user terminal 300c can access the file to which the user B stored in the shared area has access authority by using the authentication information notified from the user terminal 300b (user B).

Next, a NAS device 200 according to the second embodiment will be described with reference to FIG. FIG. 3 is a diagram illustrating an example of a hardware configuration of the NAS device according to the second embodiment.
The entire NAS device 200 is controlled by the processor 220. A RAM (Random Access Memory) 230 and a plurality of peripheral devices are connected to the processor 220 via a bus 280.

  The processor 220 may be a multiprocessor. The processor 220 is, for example, a central processing unit (CPU), a micro processing unit (MPU), a digital signal processor (DSP), an application specific integrated circuit (ASIC), or a programmable logic device (PLD). The processor 220 may be a combination of two or more elements among CPU, MPU, DSP, ASIC, and PLD.

  The RAM 230 is used as a main storage device of the NAS device 200. The RAM 230 temporarily stores at least a part of the OS program, firmware, and application programs to be executed by the processor 220. The RAM 230 stores various data necessary for processing by the processor 220. The RAM 230 temporarily stores data transferred between the user terminal 300a and the NAS device 200. Note that the RAM 230 may include a cache memory separately from a memory used for storing various data. The RAM 230 is backed up for power supply to the battery 240. Examples of the battery 240 include a lithium ion battery.

  Peripheral devices connected to the bus 280 include a ROM (Read Only Memory) 250, a disk control unit 260, and external interface units 270a, 270b, ..., 270n.

  The ROM 250 retains the stored contents even when the NAS apparatus 200 is powered off. The ROM 250 is, for example, a semiconductor storage device such as an EEPROM (Electrically Erasable and Programmable ROM) or flash memory, an HDD, or the like. The ROM 250 is used as an auxiliary storage device for the NAS device 200. The ROM 250 stores an operating system program, firmware, application programs, and various data. The ROM 250 stores, for example, a data backup procedure (backup program) and a restore procedure (restore program).

  The disk control unit 260 controls the disk 210 (HDD 211a, 211b,..., 211n) that stores files. Hereinafter, the HDDs 211a, 211b,..., 211n are referred to as HDDs 211a unless otherwise specified. The HDD 211a may be built in the NAS device 200 or may be externally connected. The disk control unit 260 controls data transfer between the disk and the bus 280.

  The external interface units 270a, 270b,..., 270n control interfaces (for example, Ethernet (registered trademark)) connected to the LAN 420. Hereinafter, the external interface units 270a, 270b,..., 270n are referred to as the external interface unit 270a unless otherwise specified. A plurality of external interface units 270a are provided for redundancy or for load distribution.

  The HDD 211a is a storage device that stores data for providing a file connection function to the user terminal 300a. For example, a plurality of HDDs are provided, and a RAID (Redundant Array of Inexpensive Disks) can be constructed. The HDD 211a may be replaced with another storage device such as an SSD.

  With the hardware configuration as described above, the processing function of the NAS device 200 of the second embodiment can be realized. In addition to the processor 220 in the NAS device 200, the disk control unit 260 and the information processing device 50 shown in the first embodiment can also be realized by the same hardware as the NAS device 200 illustrated.

  The NAS device 200 implements the processing functions of the second embodiment by executing a program recorded on a computer-readable recording medium, for example. The program describing the processing contents to be executed by the NAS device 200 can be recorded on various recording media. For example, a program to be executed by the NAS device 200 can be stored in the ROM 250. The processor 220 loads at least a part of the program in the ROM 250 into the RAM 230 and executes the program. The program to be executed by the NAS device 200 can be recorded on a portable recording medium such as an optical disk, a memory device, or a memory card (not shown). Optical disks include DVD (Digital Versatile Disc), DVD-RAM, CD-ROM (Compact Disc Read Only Memory), CD-R (Recordable) / RW (ReWritable), and the like. The memory device is a recording medium equipped with a communication function with an external interface unit 270a or a device connection interface (not shown). For example, the memory device can write data to the memory card or read data from the memory card using a memory reader / writer. A memory card is a card-type recording medium.

  The program stored in the portable recording medium can be executed after being installed in the ROM 250 under the control of the processor 220, for example. The processor 220 can also read and execute the program directly from the portable recording medium.

Next, a user terminal 300a according to the second embodiment will be described with reference to FIG. FIG. 4 is a diagram illustrating an example of a hardware configuration of the user terminal according to the second embodiment.
The user terminal 300a includes a control unit 310. The control unit 310 includes a processor 311, a RAM 312, an HDD 313, an image signal processing unit 314, an input signal processing unit 315, a medium reader 316, and a communication interface 317. The entire user terminal 300a is controlled by the processor 311. A RAM 312 and a plurality of peripheral devices are connected to the processor 311 via a bus 318. The processor 311 may be a multiprocessor. The processor 311 is, for example, a CPU, MPU, DSP, ASIC, or PLD. The processor 311 may be a combination of two or more elements among the CPU, MPU, DSP, ASIC, and PLD.

  The RAM 312 is used as a main storage device of the user terminal 300a. The RAM 312 temporarily stores at least part of an OS (Operating System) program and application programs to be executed by the processor 311. The RAM 312 stores various data necessary for processing by the processor 311.

Peripheral devices connected to the bus 318 include an HDD 313, an image signal processing unit 314, an input signal processing unit 315, a media reader 316, and a communication interface 317.
The HDD 313 magnetically writes and reads data to and from the built-in disk. The HDD 313 is used as an auxiliary storage device of the user terminal 300a. The HDD 313 stores an OS program, application programs, and various data. In addition, not only HDD313 but SSD can also be used. As the auxiliary storage device, a semiconductor storage device such as a flash memory can be used.

  The image signal processing unit 314 outputs an image to the display 314a connected to the user terminal 300a in accordance with an instruction from the processor 311. As the display 314a, any type of display such as a CRT (Cathode Ray Tube) display, a liquid crystal display (LCD), a plasma display, an organic EL (OEL: Organic Electro-Luminescence) display, or the like can be used.

  The input signal processing unit 315 acquires an input signal from the input device 315a connected to the user terminal 300a and outputs the input signal to the processor 311. As the input device 315a, any type of input device such as a mouse, a touch panel, a touch pad, a trackball, a keyboard, a remote controller, and a button switch can be used. A plurality of types of input devices may be connected to the user terminal 300a.

  The medium reader 316 is a reading device that reads a program and data recorded on the recording medium 319. As the recording medium 319, for example, a magnetic disk, an optical disk, a magneto-optical disk (MO), a semiconductor memory, or the like can be used. Magnetic disks include flexible disks (FD: Flexible Disk) and HDDs. The optical disc includes a CD (Compact Disc) and a DVD.

  For example, the medium reader 316 copies the program and data read from the recording medium 319 to another recording medium such as the RAM 312 and the HDD 313. The read program is executed by the processor 311, for example. Note that the recording medium 319 may be a portable recording medium and may be used for distribution of programs and data. The recording medium 319 and the HDD 313 may be referred to as computer-readable recording media.

The communication interface 317 is connected to the LAN 420. The communication interface 317 transmits / receives data to / from other computers, storage devices, or communication devices.
With the hardware configuration as described above, the processing functions of the user terminal 300a of the second embodiment can be realized. Note that the first information processing apparatus 10 and the second information processing apparatus 20 of the first embodiment can also be realized by the hardware configuration of the user terminal 300a shown in FIG.

In addition, said structure is an example and the combination of a structure part can be determined suitably. For example, the user terminal 300 c is connected to the WAN 430 instead of the LAN 420.
The user terminal 300a implements the processing functions of the second embodiment by executing a program recorded on a computer-readable recording medium, for example. The program describing the processing contents to be executed by the user terminal 300a can be recorded on various recording media. For example, a program to be executed by the user terminal 300a can be stored in the HDD 313. The processor 311 loads at least a part of the program in the HDD 313 into the RAM 312 and executes the program. In addition, a program to be executed by the user terminal 300a can be recorded on a portable recording medium such as an optical disc, a memory device, or a memory card. The program stored in the portable recording medium becomes executable after being installed in the HDD 313 under the control of the processor 311, for example. The processor 311 can also read and execute the program directly from the portable recording medium.

Next, access request information according to the second embodiment will be described with reference to FIG. FIG. 5 is a diagram illustrating an example of access request information according to the second embodiment.
The access request information 510 is information created by the use applicant and stored in a storage unit such as the RAM 230 or the HDD 211a of the NAS device 200. The access request information 510 is information created by the use applicant when requesting access to a path (directory, file) for which the licensee has access authority.

  The access request information 510 includes items of an access target path, a licensed user ID, an operation type, and a use applicant user ID. In the access target path item, a directory name (access target directory name) requested by the use applicant and a file name (access target file name) requested by the use applicant are registered. The access target path item is a path indicating permission target data in the first embodiment.

  In the item of licensed user ID, a user ID of a user (licenseed user) who has access authority for the access target path is registered. In the operation type item, the operation type (read, write, copy) for the access target path is registered. In the use applicant user ID item, the user ID of the user (use applicant) who requests access authority for the access target path is registered.

  For example, when user A with user ID “1200” requests to perform “read and write” operations on the path “/ VOL1 / PATH1” to which user B with user ID “3400” has access authority. explain. In this case, the user A registers “/ VOL1 / PATH1” in the access target path item of the access request information 510 and “3400” in the licensed user ID item. In addition, the user A registers “read, write” in the operation type item and “1200” in the use applicant user ID item.

Next, access setting information according to the second embodiment will be described with reference to FIG. FIG. 6 is a diagram illustrating an example of access setting information according to the second embodiment.
The access setting information 520 is information created by a use applicant and stored in a storage unit such as the RAM 230 or the HDD 211a of the NAS device 200. The access setting information 520 is information created by a use applicant who has received a one-time password notification from a licensee.

  The access setting information 520 includes items of an access target path, a licensee user ID, a one-time password, and a use applicant user ID. In the access target path item, a directory name (access target directory name) requested by the use applicant and a file name (access target file name) requested by the use applicant are registered. In the item of licensed user ID, a user ID of a user (licenseed user) who has access authority for the access target path is registered. In the one-time password item, the one-time password notified from the licensee to the use applicant is registered. The one-time password is generated by the NAS apparatus 200 using the access request information 510, and is notified from the NAS apparatus 200 to the licensee. The licensee notifies the use applicant of the one-time password by e-mail or the like. In the use applicant user ID item, the user ID of the user (use applicant) who requests access authority for the access target path is registered.

  For example, a case where user A with user ID “1200” requests access using a one-time password “12PW4321” for “/ VOL1 / PATH1” for which user B with user ID “3400” has access authority will be described. To do. In this case, the user A registers “/ VOL1 / PATH1” in the access target path item of the access setting information 520 and “3400” in the licensed user ID item. Further, the user A registers “12PW4321” in the one-time password item and “1200” in the use applicant user ID item.

Next, OTP (One Time Password) management information according to the second embodiment will be described with reference to FIG. FIG. 7 is a diagram illustrating an example of OTP management information according to the second embodiment.
The OTP management information 530 is information created based on the access request information 510 received by the NAS device 200 and stored in a storage unit such as the RAM 230 or the HDD 211a included in the NAS device 200.

  The OTP management information 530 includes items of a management number, use applicant user ID, use licensee user ID, access target path, operation type, generation time, validity check, one-time password, and access authority valid time.

  In the management number field, a number (management number) for managing each entry included in the OTP management information 530 is registered. In the use applicant user ID item, the use applicant user ID included in the access request information 510 is registered. The licensed user ID included in the access request information 510 is registered in the licensed user ID item. In the access target path item, an access target path included in the access request information 510 is registered. In the operation type item, the operation type included in the access request information 510 is registered. In the generation time item, the time at which the NAS device 200 generates a one-time password is registered.

  Information indicating whether or not the validity of the one-time password is confirmed is registered in the validity confirmation item. For example, in the item of validity confirmation, “1” is registered when the NAS device 200 confirms the validity of the one-time password, and “0” is registered when the validity is not confirmed. In the one-time password item, a one-time password generated by the NAS device 200 using the access request information 510 is registered.

  In the item of access authority effective time, the effective time of access authority set in the one-time password is registered. The user can perform the operation set by the operation type for the access target path during the access authority valid time. The NAS apparatus 200 sets the access authority valid time. The NAS device 200 sets the access authority valid time according to the file size and the number of files included in the access target path. Further, the NAS device 200 can accept the setting of the effective time for the access authority from the user (use licensee, use applicant), and can set the access authority effective time according to the received time. The start time of the access authority valid time is either (1) the time when the user can use the one-time password to operate the access target path, or (2) the one-time password generation time. However, it is also possible to set other times. The start time of the access authority valid time is assumed to be (1) by default.

  The NAS device 200 sets a time during which the one-time password can be used effectively (hereinafter, referred to as a password effective time) separately from the access authority effective time. When the user describes the one-time password in the access setting information 520 and registers the access setting information 520 in the NAS device 200 within the password valid time, the user can use the one-time password. The password valid time may be set to a certain time (for example, one hour from the time when the one-time password is generated) by the NAS device 200 for all one-time passwords, or may be another time. The password valid time is not shown.

  For example, the OTP management information 530 includes a management number “1”, a use applicant user ID “1200”, a use licensee user ID “3400”, an access target path “/ VOL1 / PATH1”, and an operation type. Information “read, write” is registered. In addition, information that the generation time is “201602151000”, the validity check is “1”, the one-time password is “12PW4321”, and the access authority valid time is “30 minutes” is registered.

  This is because for the entry with the management number “1”, the NAS apparatus 200 gives the path “/ VOL1 / PATH1” to which the licensed user with the user ID “3400” has access authority to the use applicant with the user ID “1200”. Indicates that access by the “read and write” operation is permitted. In addition, the time when the NAS device 200 generated the one-time password is “10 o'clock on February 15, 2018”, the validity confirmation is “1 (validity confirmed)”, and the one-time password is “12PW4321”. Indicates that the authority valid time is “30 minutes”.

  Next, shared area control processing executed by the user terminals 300b and 300c and the NAS device 200 according to the second embodiment will be described with reference to FIG. FIG. 8 is a diagram illustrating a sequence of shared area control processing according to the second embodiment.

  In the shared area control processing, the NAS device 200 receives an access request from a use applicant, sets a shared area, issues a one-time password to the licensee, and accesses from the use applicant using the one-time password. Is a process of accepting.

  The shared area control process is a process executed by the control unit (processor) of the user terminal 300b, the control unit (processor) of the user terminal 300c, and the control unit (processor 220) of the NAS device 200. In the description of FIG. 8, the control unit (processor) of the user terminal 300b is the user terminal 300b, the control unit (processor) of the user terminal 300c is the user terminal 300c, and the control unit (processor 220) of the NAS device 200 is the NAS device 200. Describe.

  Here, it is assumed that the user terminal 300b receives an input operation from the user B who is a licensee and performs a process according to the input operation. In addition, the user terminal 300c receives an input operation from the user A who is a use applicant, and performs processing according to the input operation.

  Even if the user terminal 300c tries to access a file owned by the user B (a file for which only the user B is permitted to access) depending on the access authority of the user A, the owner (user) of the access authority is different. Is denied access. For this reason, it is assumed that the user terminal 300c performs file use application processing for the file owned by the user B according to the access authority of the user A.

  [Step S11] The user terminal 300b registers the mail address and user ID of the user B in the NAS device 200. The NAS device 200 stores the mail address and user ID of the user B received from the user terminal 300b in the storage unit. The NAS device 200 may transmit the mail address and the user ID to the mail server 410, and the mail server 410 may manage the mail address and the user ID in association with each other.

  The e-mail address is merely an example of a notification destination, and may be a telephone number or the like. When the notification destination is a telephone number, the NAS device 200 can make a notification by a voice message, a short message, or the like.

  [Step S12] The user terminal 300c performs login processing to the authentication server 400 of the user A. The authentication server 400 receives the user ID of the user A and an authentication password for the authentication server 400 from the user terminal 300c, and authenticates the user A.

  [Step S13] The user terminal 300c sends a mount request for the file sharing area to the NAS device 200. In other words, the user terminal 300 c transmits to the NAS device 200 an execution request for an operation for incorporating the file shared area available to the user A into the tree structure of the file system managed by the NAS device 200.

  [Step S14] The NAS device 200 receives the mount request for the file sharing area, and creates a virtual directory for the user (use applicant) who has made the mount request under the file sharing area.

  A virtual directory is a directory (folder) for accepting temporary access from a user. The virtual directory is set for each user who has made a mount request for the file sharing area, and is not a directory that is not accessible by other users. The virtual directory can be set as a directory that accepts access from the use applicant and the licensee and does not accept access from other users. Further, when the NAS apparatus 200 receives a request for unmounting (unmounting) a file shared area from the user, the virtual directory area secured in the memory is released and erased. Further, the NAS device 200 returns the file stored in the virtual directory to the original storage position in accordance with the unmounting process, and deletes the shortcut (symbolic link) stored in the virtual directory.

[Step S15] The NAS device 200 transmits to the user terminal 300c a notification that the mounting of the file sharing area is permitted.
[Step S16] The user terminal 300c registers the access request information 510 in the NAS device 200. Specifically, the access request information 510 is stored in a virtual directory mounted under the file sharing area. Here, it is assumed that the access request information 510 is created by the use applicant. Further, it is assumed that the access target path item included in the access request information 510 is registered with the user B owned file.

  [Step S17] The user terminal 300c transmits a shared access request for the file owned by the user B (hereinafter referred to as a first access permission request) to the NAS device 200. The first access permission request is a request for requesting permission for access to the access target path after the access request information 510 is registered.

  [Step S18] The NAS device 200 receives the first access permission request, detects that the access request information 510 is registered, and generates a one-time password using the access request information 510.

[Step S19] The NAS device 200 sends the generated one-time password to the licensee (user terminal 300b) by e-mail.
[Step S20] The user terminal 300b notifies the use applicant of the one-time password. In addition, the notification method in this step may be notified by mail from the terminal used by the licensee (user terminal 300b) to the terminal used by the use applicant (user terminal 300c), or other methods. May be.

  [Step S21] The user terminal 300c registers the access setting information 520 in the NAS device 200. Specifically, the access setting information 520 is stored in a virtual directory mounted under the file sharing area.

  Here, it is assumed that the access setting information 520 is created by the use applicant. In addition, it is assumed that a file owned by user B is registered as an access target path item included in the access setting information 520. It is assumed that the one-time password transmitted in step S19 is registered as the one-time password included in the access setting information 520.

  The NAS device 200 can accept the one-time password (authentication information) notified to the licensee through the use applicant by registering the access setting information 520. The NAS apparatus 200 can indirectly confirm that the one-time password is notified to the use applicant from the use licensor and that the use licensor has permitted the use applicant to access the file owned by the user B.

  [Step S22] The user terminal 300c transmits an access authentication request (hereinafter referred to as a second access permission request) for the file owned by the user B to the NAS device 200. The second access permission request is a request for requesting permission for access to the access target path after the access setting information 520 is registered. Note that a file owned by user B is registered in the access target path included in the access setting information 520.

  [Step S23] The NAS device 200 receives the second access permission request, authenticates the one-time password included in the access setting information 520, and permits the use applicant (user A) to access the file owned by the user B.

[Step S24] The user terminal 300c accesses the file owned by the user B using a one-time password.
[Step S25] The NAS device 200 accepts access using the one-time password from the user terminal 300c, and the range (access target path, operation type, user ID) set for the one-time password and the valid time range. Allow access.

  In this way, the NAS device 200 avoids access from the use applicant to the individual storage area of the licensee by setting the virtual directory as a file sharing area and accepting access from the use applicant in the virtual directory. Keep security.

  The processes in steps S14 and S15 included in the shared area control process will be described later with reference to FIG. The processes in steps S18 and S19 included in the shared area control process will be described later with reference to FIG. The process of step S23 included in the shared area control process will be described later with reference to FIG. The process of step S25 included in the shared area control process will be described later with reference to FIGS.

Next, the mounting process will be described with reference to FIG. FIG. 9 is a diagram illustrating a flowchart of the mount processing according to the second embodiment.
The mount process is a process in which the control unit (processor 220) of the NAS device 200 creates a virtual directory and mounts it on a file shared area. The mount process is a process corresponding to steps S14 and S15 of the shared area control process. The control unit (processor 220) of the NAS device 200 receives the mount request and executes the mount process.

[Step S31] The NAS device 200 receives a mount request for a file shared area.
[Step S32] The NAS device 200 requests the mount requester to input the user ID and password, and receives the user ID and password of the requester user. Note that the request source of the mount request is the user terminal 300c used by the use applicant in FIG. Further, the received user ID and password are the user ID and password of the use applicant.

  [Step S33] The NAS device 200 requests the authentication server 400 to authenticate the received user ID and password. The authentication server 400 authenticates the received user ID and password, and transmits the authentication result (permission response, rejection response) to the NAS device 200. Note that the details of the processing of the authentication server 400 are omitted.

  [Step S34] The NAS device 200 determines whether or not a permission response has been received from the authentication server 400, and proceeds to step S35 if a permission response is received, and proceeds to step S32 if a rejection response is received.

  [Step S35] The NAS device 200 creates a virtual directory in the memory according to the user ID. The NAS device 200 grants access authority to the virtual directory only to the user (use applicant) corresponding to the user ID input from the mount request source.

[Step S36] The NAS device 200 mounts the created virtual directory under the shared area.
[Step S37] The NAS device 200 notifies the requester of the mount request that the mount of the file shared area is permitted, and ends the process.

Next, the one-time password issuing process will be described with reference to FIG. FIG. 10 is a diagram illustrating a flowchart of the one-time password issuing process according to the second embodiment.
The one-time password issuance process is a process in which the control unit (processor 220) of the NAS device 200 generates a one-time password and notifies the licensee. The one-time password issuance process is a process corresponding to steps S18 and S19 of the shared area control process. The control unit (processor 220) of the NAS device 200 receives the first access permission request and executes a one-time password issuing process.

  [Step S41] The NAS apparatus 200 determines whether or not the access request information 510 has been registered in the virtual directory. If it has been registered, the NAS apparatus 200 proceeds to step S42, and if not, proceeds to step S41.

[Step S42] The NAS device 200 reads the access request information 510 and registers it in the OTP management information 530.
[Step S43] The NAS apparatus 200 uses the one-time password based on the combination (password generation key) of the user ID (use applicant user ID and licensee user ID), access target path, and current time acquired from the access request information 510. Is generated.

  For example, when the current time is “201802151000”, the password generation key for the entry of the management number “1” in the OTP management information 530 is “12003400vol1path1201802151000”.

The one-time password generation method may be a method using a mathematical algorithm such as a one-way function, or may be another method.
[Step S44] The NAS device 200 registers the generated one-time password in the OTP management information 530. Further, the NAS device 200 sets an access authority valid time corresponding to the one-time password and registers it in the OTP management information 530. The access authority valid time may be set according to the number of files included in the access target path and the file size, or a fixed time may be set for all one-time passwords. For example, the NAS device 200 can set the access authority valid time to “30 minutes” when the number of files included in the access target path is “less than 3”. The NAS device 200 sets the access authority valid time to “2 hours” when the number of files is “3 or more and less than 10”, and sets the access authority valid time to “3 hours” when the number of files is “10 or more”. Can be set as

[Step S45] The NAS device 200 registers the password generation time in step S43 as the generation time of the OTP management information 530.
[Step S46] The NAS device 200 acquires a mail address corresponding to the licensee user ID.

  [Step S47] The NAS device 200 creates a mail including the generated one-time password and transmits it to the acquired mail address. For example, in this step, the NAS device 200 has made an access request to the “license holder (ID: 3400)“ / VOL1 / PATH1 ”from the use applicant (ID: 1200). Create an email saying "Please notify the user of 12PW4321". In addition, the NAS device 200 indicates in the above-mentioned e-mail the password valid time “The password is valid for one hour. Please notify the user to register the access setting information with the password within one hour.” A reminder message may be added. In addition, the NAS device 200 relates to the above-mentioned e-mail regarding the access authority valid time “The access authorization valid time is 30 minutes. Please notify the use applicant that the operable time for the access target path is 30 minutes.” An alert message may be added. Note that these mail messages are merely examples, and other messages may be used.

Next, the one-time password authentication process will be described with reference to FIG. FIG. 11 is a flowchart illustrating the one-time password authentication process according to the second embodiment.
The one-time password authentication process is a process in which the control unit (processor 220) of the NAS device 200 authenticates the one-time password and permits access from the use applicant. The one-time password issuance process is a process corresponding to step S23 of the shared area control process. The control unit (processor 220) of the NAS device 200 receives the second access permission request and executes a one-time password authentication process.

  [Step S51] The NAS device 200 determines whether or not the access setting information 520 is registered in the virtual directory. If it is registered, the NAS apparatus 200 proceeds to Step S52, and if not, proceeds to Step S51.

  [Step S52] The NAS device 200 compares the information registered in the access setting information 520 with the information registered in the OTP management information 530, and determines whether the comparison results match. The NAS device 200 registers the same information in the entry of the OTP management information 530 with respect to information registered in the access setting information 520 (access target path, licensed user ID, one-time password, use applicant user ID). If it is, it is determined as a match. The NAS device 200 proceeds to step S53 if the comparison results are consistent, and proceeds to step S51 if they are not consistent.

  [Step S53] The NAS device 200 uses the OTP management information 530 to determine whether or not the access target path has been accessed with a valid user ID and one-time password.

  The NAS device 200 (1) accesses with the operation type registered for the access target path, (2) whether the access setting information 520 is registered within the one-time password valid time, or (3) performs access. Whether the user ID is a use applicant user ID or not is determined as to validity. The NAS device 200 proceeds to step S54 if the user ID and the one-time password are valid, and proceeds to step S51 if they are not valid.

  [Step S54] The NAS device 200 sets the access authority with the requesting user ID (use applicant user ID) in the access target path, and sets the access target path in the virtual directory. In other words, the NAS device 200 changes the access authority of the access target path from the use licensor to the use applicant, and moves the access target path to the virtual directory. Moving the access target path to the virtual directory may be a process of moving or copying a file included in the access target path, or a process of creating a symbolic link (shortcut, link file, etc.) for the access target path. May be.

  Note that when the file included in the access target path is moved or copied to the virtual directory, the NAS device 200 moves the moved or copied file to the original access target path before erasing the virtual directory as a result of unmounting. Or copy. In addition, when creating a symbolic link for the access target path, the NAS device 200 disconnects or deletes the symbolic link link before deleting the virtual directory as a result of unmounting.

Next, the access request information detection process will be described with reference to FIG. FIG. 12 is a diagram illustrating a flowchart of access request information detection processing according to the second embodiment.
The access request information detection process is a process in which the control unit (processor 220) of the NAS device 200 detects access request information registered from the user terminal 300c (use applicant). The access request information detection process is a process corresponding to step S41 of the one-time password issuing process. The control unit (processor 220) of the NAS device 200 receives the mount request and executes the access request information detection process in the background of other processes.

  [Step S61] The NAS apparatus 200 determines whether or not a file creation operation (file creation and open operation) has been accepted. The NAS device 200 proceeds to step S62 when the file creation operation is accepted, and proceeds to step S61 when the file creation operation is not accepted.

  [Step S62] The NAS device 200 determines whether or not the virtual directory set for the user who performs the file creation operation is the target of the file creation operation. The NAS device 200 proceeds to step S63 if the virtual directory set for the user who performs the file creation operation is the target, and proceeds to step S61 if it is not the target.

  [Step S63] The NAS apparatus 200 determines whether the target of the file creation operation is the access request information 510. The NAS device 200 proceeds to step S64 when the target is the access request information 510, and proceeds to step S61 when the target is not the access request information 510.

[Step S64] The NAS device 200 detects that the access request information 510 has been registered, and ends the process.
The NAS device 200 can also detect the access setting information 520 in the same manner as the access request information detection process. In this case, the NAS device 200 determines that the target of the file creation operation in step S63 is not the access request information 510 but the access setting information 520. In this case, it is assumed that the NAS device 200 detects that the access setting information 520 is registered in step S64.

  Next, the access authentication process will be described with reference to FIGS. FIG. 13 is a flowchart (part 1) of the access authentication process according to the second embodiment. FIG. 14 is a diagram illustrating a flowchart (part 2) of the access authentication process according to the second embodiment.

  The access authentication process is a process in which the control unit (processor 220) of the NAS device 200 authenticates the one-time password and permits access from the use applicant. The access authentication process is a process corresponding to step S25 of the shared area control process. The control unit (processor 220) of the NAS device 200 accepts access by the user authority of the use applicant (user A) and executes access authentication processing.

  [Step S71] The NAS apparatus 200 determines whether or not the access setting information 520 is registered in the virtual directory. If the access setting information 520 is registered, the NAS apparatus 200 proceeds to Step S72. If not registered, the NAS apparatus 200 proceeds to Step S71.

  [Step S72] The NAS device 200 determines whether access to the virtual directory from the user terminal 300c has been accepted from the user terminal 300c. If accepted, the NAS device 200 proceeds to step S73. If not accepted, the NAS device 200 proceeds to step S71. Proceed.

  [Step S73] The NAS apparatus 200 determines whether or not the combination of the access source user ID and the accessed access target path received in S72 is present in the entry of the OTP management information 530. The NAS device 200 proceeds to step S74 if it exists, and proceeds to step S71 if it does not exist.

  [Step S74] The NAS device 200 determines whether or not the one-time password included in the access setting information 520 is valid. If the one-time password is valid, the NAS device 200 proceeds to step S75, and if not valid, proceeds to step S71.

  When the NAS device 200 (1) compares the one-time passwords included in the access setting information 520 and the OTP management information 530 and (2) receives the access setting information 520 within the password valid time, the NAS device 200 receives the one-time password. Is determined to be valid. This determination method is merely an example, and the validity of the one-time password may be determined by other methods.

  [Step S75] The NAS device 200 establishes a session authenticated with a one-time password, and starts accepting an operation registered with the operation type for the access target path from the user terminal 300c (use applicant).

  [Step S76] The NAS device 200 registers “1” in the validity check flag of the OTP management information 530 for the one-time password determined to be valid in Step S74.

  [Step S77] The NAS device 200 determines whether or not the session authenticated with the one-time password has ended or the access authority valid time corresponding to the one-time password has passed. The NAS device 200 ends the access authentication process when the session authenticated with the one-time password is completed, or when the access authority valid time is exceeded, and proceeds to step S78 otherwise. In this step, when the access authentication process is terminated, the NAS device 200 notifies the access source user terminal of the reason for terminating the process (session termination, access authority valid time exceeded).

[Step S78] The NAS device 200 accepts file operations within the range set by the operation type of the OTP management information 530.
[Step S79] The NAS device 200 determines whether or not the access source user (use applicant) has the access authority for the file operation target file received in Step S78. The NAS apparatus 200 proceeds to step S80 if the access source user (use applicant) has access authority, and proceeds to step S81 if there is no access authority.

  [Step S80] The NAS device 200 normally permits file operations. In other words, the NAS device 200 permits file operations without being restricted by the setting of the OTP management information 530 because the file owner himself / herself is accessing a file for which he has access authority.

  [Step S81] The NAS apparatus 200 determines whether or not the licensee has access authority for the file operation target file received in step S78. The NAS device 200 proceeds to step S83 if the licensee has access authority, and proceeds to step S82 if there is no access right.

  [Step S82] The NAS device 200 normally rejects file operations. In other words, the NAS apparatus 200 is limited to the setting of the OTP management information 530 because the access is to a file for which a third party has access authority (a file for which neither the licensee nor the use applicant has access authority). Reject the file operation without

  [Step S83] The NAS device 200 changes the access authority of the access target path from the use licensor to the use applicant, permits access to the file operation from the access source user (use applicant), and accepts the operation. Then, the process is terminated. Note that the NAS device 200 restores the access authority of the access target path whose access authority has been changed after the file operation by the use applicant has been completed. Further, when the NAS device 200 receives a request for unmounting (unmounting) a file shared area from a use applicant, the NAS apparatus 200 performs processing for unmounting the file shared area.

  In this way, the NAS device 200 sets a virtual directory as an area for temporarily accepting access, and sets access authority so that the user can perform operations on files for which the licensee has access authority in the virtual directory. It can be performed. In addition, the NAS device 200 can accept the authentication information notified to the licensee through the usage applicant, and when the authentication information is authenticated, the NAS device 200 can permit the usage applicant to access the file.

  In this way, the information processing system 100 grants access authority within the requested range to the data designated by the use applicant among the data for which the licensee has access authority. Thereby, the information processing system 100 can set the access authority to the data while maintaining the security for the data to which the licensee has the access authority.

  The above processing functions can be realized by a computer. In that case, a program describing processing contents of functions that the NAS apparatus 200 and the information processing apparatus 50 shown in the first embodiment should have is provided. By executing the program on a computer, the above processing functions are realized on the computer. The program describing the processing contents can be recorded on a computer-readable recording medium. Examples of the computer-readable recording medium include a magnetic storage device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Magnetic storage devices include hard disk devices (HDD), flexible disks (FD), magnetic tapes, and the like. Optical discs include DVD, DVD-RAM, CD-ROM / RW, and the like. Magneto-optical recording media include MO.

  When distributing the program, for example, a portable recording medium such as a DVD or a CD-ROM in which the program is recorded is sold. It is also possible to store the program in a storage device of a server computer and transfer the program from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. The computer can also read the program directly from the portable recording medium and execute processing according to the program. In addition, each time a program is transferred from a server computer connected via a network, the computer can sequentially execute processing according to the received program.

  In addition, at least a part of the processing functions described above can be realized by an electronic circuit such as a DSP, ASIC, or PLD.

DESCRIPTION OF SYMBOLS 10 1st information processing apparatus 20 2nd information processing apparatus 40 Network connection apparatus 41 1st network 42 2nd network 50 Information processing apparatus 51 Control part 52 Memory | storage part 70 Information processing system

Claims (5)

Accepting an access request to the data subject to permission from a first usage right that does not have permission to access the subject data;
A shared area that can be shared by the first usage right and the second usage right having the access right to the licensed data is set in a storage unit;
Accepting the request range of the access request by detecting that access request data including the request range of the access request is stored in the shared area;
Generating authentication information, storing the authentication information and a request range of the access request in the storage unit;
A control unit that notifies the request range of the access request and the authentication information to a notification destination associated with the second usage right;
An information processing apparatus comprising: The controller is
Receiving the authentication information notified to the notification destination via the first usage authority;
When the authentication information is authenticated, the access authority to the license target data stored in the shared area is set to the first use authority within the range set in the request range of the access request.
The information processing apparatus according to claim 1. The request range of the access request is:
Including a user having the second usage right, a path indicating the permission target data, and an operation type indicating an operation on the permission target data.
The information processing apparatus according to claim 1. The controller is
Changing the access right to the license target data from the second use right to the first use right to set the access right to the license target data to the first use right;
The information processing apparatus according to claim 2. On the computer,
Accepting an access request to the data subject to permission from a first usage right that does not have permission to access the subject data;
A shared area that can be shared by the first usage right and the second usage right having the access right to the licensed data is set in a storage unit;
Accepting the request range of the access request by detecting that access request data including the request range of the access request is stored in the shared area;
Generating authentication information, storing the authentication information and a request range of the access request in the storage unit;
Notifying the request range of the access request and the authentication information to a notification destination associated with the second usage authority;
A program that executes processing.

Images