JP2022066438A - Account management system, account management device, account management method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve security on privilege ID lending.

SOLUTION: An account management system for managing accounts of one or more servers constituting a business system comprises: an application processing section for accepting an account lending application specified with at least identification information of the sever; and an account creating section for creating a privilege account of the server indicated by the identification information specified in the account lending application accepted by the application processing section with an account name according to prescribed naming rules, the naming rules including that the number of characters of the account name is made variable in accordance with a time zone..

SELECTED DRAWING: Figure 4

COPYRIGHT: (C)2022,JPO&INPIT

Description

There is an application for application of Article 30, Paragraph 2 of the Patent Act. On November 9, 2018, https: // www. ntt-tx. co. jp / products / advertisement / news / 20181109. Published in html

The present invention relates to an account management system, an account management device, an account management method and a program.

In recent years, various business systems have been used in companies. For example, in a bank, banking business is carried out using various business systems such as a core banking system and an information system. Since maintenance or development work such as system update and software introduction is performed regularly or suddenly in these business systems, the person in charge of work or the like needs a privileged ID for these works. The privileged ID is, for example, an account having administrator privileges.

Further, a technique capable of collectively managing accounts of a plurality of devices is known (see, for example, Patent Document 1).

Japanese Unexamined Patent Publication No. 2008-656662

Here, since the privileged ID is an account having stronger authority than the general ID, its use often requires a predetermined approval procedure specified in the company. That is, in many cases, the privileged ID is lent out to the person in charge of work and the like, and its use is permitted only after the predetermined approval procedure has been passed. In addition, such an approval procedure is often performed using a workflow system.

However, since a generally well-known ID name (for example, "root" or "Administrator") is used as the privileged ID, the rented privileged ID may be stolen by a third party.

An embodiment of the present invention has been made in view of the above points, and an object thereof is to improve security regarding lending of privileged IDs.

In order to achieve the above object, the embodiment of the present invention is an account management system that manages accounts of one or more servers constituting a business system, and an account lending application to which at least the identification information of the server is specified is submitted. It has an application processing unit that accepts accounts and an account creation unit that creates a privileged account of the server indicated by the identification information specified in the account lending application accepted by the application processing unit with an account name that follows a predetermined naming rule. However, the naming rule includes making the number of characters of the account name variable according to the time zone.

It is possible to improve the security regarding the lending of privileged IDs.

It is a figure which shows an example of the whole structure of the ID management system which concerns on this embodiment. It is a figure which shows an example of one-time privilege ID information. It is a figure for demonstrating an example of the flow of one-time privileged ID lending application processing. It is a figure which shows an example of the privilege ID lending application screen. It is a figure which shows an example of the one-time privilege ID selection screen. It is a figure for demonstrating an example of the flow of a one-time privilege ID activation process. It is a figure for demonstrating an example of the flow of the one-time privilege ID invalidation processing.

Hereinafter, embodiments of the present invention (hereinafter referred to as “the present embodiment”) will be described in detail with reference to the drawings. In the present embodiment, when lending a privileged ID of a business system, a privileged ID having a different ID name (and password) is created in the business system, and the ID management system 1 for lending out this privileged ID will be described. As a result, in the ID management system 1 according to the present embodiment, the privileged ID with a different ID name is lent out each time, so that it is possible to prevent the theft of the privileged ID and improve the security related to the renting out of the privileged ID. can. In this embodiment, a privileged ID created with a different ID name (and password) each time is referred to as a “one-time privileged ID”.

Further, hereinafter, the server or the like constituting the business system in which the one-time privilege ID is created is also referred to as a “target”. The one-time privilege ID is an account for logging in to this server or the like.

It should be noted that the account generally includes a general ID in addition to the privileged ID. The general ID is, for example, an account having general authority. However, the account is not limited to the privileged ID and the general ID, and may include, for example, an ID having various privileges set by an administrator or the like. In addition, the privileges possessed by the privileged ID and the general ID also differ depending on the business system and the like.

<Overall configuration>
First, the overall configuration of the ID management system 1 according to the present embodiment will be described with reference to FIG. FIG. 1 is a diagram showing an example of the overall configuration of the ID management system 1 according to the present embodiment.

As shown in FIG. 1, the ID management system 1 according to the present embodiment has an ID management device 10, a terminal device 20, and a target 30. Further, the ID management device 10, the terminal device 20, and the target 30 are connected to each other so as to be communicable with each other via the network N. The network N is various networks such as the Internet and an in-house LAN (Local Area Network).

The target 30 is a server or the like that constitutes a business system in which a one-time privilege ID is created. A business system is a variety of computer systems used in a company's business activities. The business system may include a computer system called a core system. Examples of the business system include an accounting system, an accounting system, an information system, a sales management system, a production management system, an inventory management system, an expense settlement system, a personnel management system, an online game system, and the like.

Here, one business system is composed of one or more servers. The example shown in FIG. 1 shows a case where a core banking system is configured by a plurality of servers such as the core banking server No. 1. In this case, each of these plurality of servers is the target 30. On the other hand, the accounting system is composed of one accounting server. In this case, the accounting server is the target 30. In addition to the server, the business system may include various devices (for example, a relay device for connecting the servers).

The terminal device 20 is a terminal used by an applicant who applies for lending a one-time privileged ID, an approver who approves the application, a user who uses the one-time privileged ID, and the like. As the terminal device 20, for example, various terminals such as a PC (personal computer), a tablet terminal, and a smartphone can be used.

In the present embodiment, the application for lending the one-time privileged ID and the approval for this application are performed using the workflow system. Therefore, the above-mentioned applicant is also referred to as a “workflow applicant”, and the above-mentioned approver is also referred to as a “workflow approver”. A user who uses a one-time privileged ID is also referred to as an "ID user".

In the following, the terminal device 20 used by the workflow applicant is the "applicant terminal device 20", the terminal device 20 used by the workflow approver is the "approver terminal device 20", and the terminal device 20 used by the ID user. Is also referred to as "user terminal device 20".

The ID management device 10 is a computer or a computer system that manages an account (one-time privileged ID, etc.) of the target 30. When the workflow application applied by the workflow applicant is approved by the workflow approver, the ID management device 10 creates a one-time privileged ID of the target 30 specified in the workflow application and notifies the ID user. At this time, the ID management device 10 creates a one-time privileged ID with a different ID name for each workflow application according to a predetermined naming rule. As a result, a one-time privileged ID with a different ID name is lent to the ID user each time.

In the present embodiment, the case where the ID management device 10 manages the one-time privileged ID will be described. However, the ID management device 10 has, for example, a privileged ID (not one-time) in addition to the one-time privileged ID. Or general IDs and the like may be managed.

Here, the ID management device 10 according to the present embodiment has an application processing unit 110, an activation processing unit 120, and an invalidation processing unit 130 as functional units. These functional units are realized by processing one or more programs installed in the ID management device 10 to be executed by a processor such as a CPU (Central Processing Unit).

Further, the ID management device 10 according to the present embodiment has a one-time privileged ID information storage unit 210 as a storage unit. The storage unit can be realized by using a storage device such as an HDD (Hard Disk Drive) or an SSD (Solid State Drive). The one-time privileged ID information storage unit 210 may be realized by using, for example, a storage device connected to the ID management device 10 via the network N.

The application processing unit 110 executes a workflow application process for lending the one-time privileged ID of the target 30 (hereinafter, also referred to as “one-time privileged ID lending application process”) in response to the operation of the applicant terminal device 20. do. At this time, when the workflow application is approved by the approver terminal device 20, the application processing unit 110 creates the one-time privilege ID in the invalidated state, and the information regarding the created one-time privilege ID (hereinafter, "One"). (Also referred to as "time privileged ID information") is stored in the one-time privileged ID information storage unit 210. At the time of workflow application, for example, an ID user who uses a one-time privileged ID, a usage start date / time, a usage end date / time, and the like are specified by the workflow applicant.

Here, the invalidated one-time privileged ID is a one-time privileged ID in which the target 30 cannot be logged in using the one-time privileged ID. On the other hand, the activated one-time privilege ID is a one-time privilege ID in which the target 30 can be logged in using the one-time privilege ID.

The activation processing unit 120 activates the one-time privileged ID when the use start date and time of the one-time privileged ID created by the application processing unit 110 is reached. As a result, it becomes possible to log in to the corresponding target 30 with the one-time privilege ID (that is, the enabled state).

The invalidation processing unit 130 invalidates the one-time privilege ID when the use end date and time of the one-time privilege ID created by the application processing unit 110 is reached or when the application for termination of use of the one-time privilege ID is made. Privilege. As a result, it becomes impossible to log in to the target 30 with the one-time privileged ID (that is, the invalidated state). The application for termination of use is an application made when the ID user clearly indicates that he / she has terminated the use of the one-time privileged ID.

The one-time privileged ID information storage unit 210 stores the one-time privileged ID information created by the application processing unit 110. Here, the one-time privileged ID information stored in the one-time privileged ID information storage unit 210 will be described with reference to FIG. 2. FIG. 2 is a diagram showing an example of one-time privileged ID information.

As shown in FIG. 2, the one-time privileged ID information includes an ID name, a password, a user, a usage target, a usage start date and time, a usage end date and time, an access method, and a valid / invalid classification. included.

The ID name is the ID name of the one-time privileged ID. The password is a one-time privileged ID password. The user is identification information (for example, a user ID, etc.) of an ID user who uses the one-time privileged ID (that is, an ID user to which the one-time privileged ID is rented). The usage target is the identification information (for example, target ID, etc.) of the target 30 in which the one-time privileged ID is used. The usage start date and time is the start date and time when the one-time privileged ID can be used (that is, the rental start date and time). The end-of-use date and time is the scheduled end date and time of the end of use of the one-time privileged ID.

The access method is an access method when accessing the target 30 by using the one-time privileged ID. The access method includes, for example, "remote desktop" and "SSH connection".

The valid / invalid classification is information (for example, a flag or the like) indicating whether the one-time privilege ID is in the enabled state or the invalidated state.

In this way, each one-time privileged ID information stored in the one-time privileged ID information storage unit 210 includes the ID name and password of the one-time privileged ID, the user, the target of use, and the period of use (use start date and time and use). End date and time), access method, whether it is enabled or disabled, etc. are included. In addition to these, the one-time privileged ID information may include various information such as, for example, the purpose of use of the one-time privileged ID and the contents of work performed by using the one-time privileged ID. Further, the account group name to which the one-time privilege ID belongs may be included.

<One-time privileged ID lending application processing>
Next, the flow of processing when applying for lending of a one-time privileged ID will be described with reference to FIG. FIG. 3 is a diagram for explaining an example of the flow of the one-time privileged ID lending application process.

First, the application processing unit 110 causes the applicant terminal device 20 to display, for example, the privileged ID lending application screen G100 shown in FIG. 4 in response to the operation of the applicant terminal device 20 (step S101). The workflow applicant can display the privileged ID lending application screen G100 shown in FIG. 4 by, for example, an operation in a Web application or the like for making a privileged ID lending application.

The privileged ID lending application screen G100 shown in FIG. 4 is a screen for applying for lending of a privileged ID including a one-time privileged ID. However, on the privileged ID lending application screen G100 shown in FIG. 4, not only the privileged ID including the one-time privileged ID but also the general ID lending application may be performed.

On the privileged ID lending application screen G100 shown in FIG. 4, the workflow applicant inputs the application name, usage period (that is, usage start date and time and usage end date and time), purpose of use, work content, etc., and is one-time as a lending account. By designating the privilege ID and pressing the application button G101, the loan application operation of the privilege ID including the one-time privilege ID can be performed. In addition, any application name, purpose of use, and work content can be entered in the application name, purpose of use, and work content. It is also possible to select a file attached to the workflow application (for example, an electronic file such as an application form required for an account lending application such as a privileged ID).

Here, the workflow applicant can specify the one-time privilege ID by pressing the "add one-time privilege ID" button G102. Specifically, when the "add one-time privilege ID" button G102 is pressed, the one-time privilege ID selection screen G200 shown in FIG. 5 is displayed on the applicant terminal device 20.

The one-time privileged ID selection screen G200 shown in FIG. 5 is a screen for selecting various information of the one-time privileged ID to be rented. In the one-time privileged ID selection screen G200 shown in FIG. 5, the workflow applicant can use the user selection field G201, the usage target selection field G202, the access method selection field G203, and the account group selection field G204 to obtain the desired user and usage target ( After selecting the target 30), the access method, and the account group, the add button G205 is pressed. As a result, these selected information are added to the lending account column G103 of the privileged ID lending application screen G100 shown in FIG. 4 as the information of the one-time privileged ID to be rented.

Here, the account group that can be selected in the account group selection field G204 is an account group related to the privileged ID of the target 30 selected in the usage target selection field G202. The one-time privileged ID is created as a privileged ID belonging to the account group selected in the account group selection field G204.

When the "Add lending account" button is pressed on the privileged ID lending application screen G100 shown in FIG. 4, a screen for selecting various information of a normal privileged ID (not one-time) is displayed. By selecting various information of the normal privilege ID on this screen, the workflow applicant can lend the normal privilege ID. Further, various information of the general ID may be selected on the screen.

When the privileged ID lending application operation is performed, the application processing unit 110 performs a workflow-based privileged ID lending application (that is, one-time privileged ID lending) with the contents specified on the privileged ID lending application screen G100 shown in FIG. Workflow application) is performed (step S102). As a result, this workflow application is notified or transmitted to the approver terminal device 20 of the workflow approver, and can be approved by the approver terminal device 20. The workflow approver may be determined in advance according to the workflow applicant, the workflow application content, or the like, or the workflow applicant may be able to specify the workflow approver at the time of workflow application. Further, the workflow approver is not limited to one person, and may be a plurality of people.

Hereafter, it is assumed that the workflow approver approves the workflow application for lending the one-time privileged ID.

When the workflow application related to the lending of the one-time privilege ID is approved, the application processing unit 110 creates the one-time privilege ID specified in the workflow application in the corresponding target 30 in an invalidated state, and also creates this one-time privilege ID in the invalidated state. One-time privileged ID information related to the ID is created and stored in the one-time privileged ID information storage unit 210 (step S103). The application processing unit 110, for example, sends a privileged ID creation request specifying an ID name, an account group, or the like to the corresponding target 30 (that is, the usage target specified in the workflow application) to obtain a one-time privileged ID. Can be created.

Here, the ID name of the one-time privileged ID is created according to a predetermined naming convention (that is, for example, the ID name according to the predetermined naming convention is specified in the privileged ID creation request). Predetermined naming conventions include: However, the following naming convention is an example, and any naming convention can be used as long as it is possible to name a different ID name for each one-time privileged ID. The naming convention is preferably a naming convention that makes it difficult to guess the ID name.

(Naming convention 1)
As the ID name = "character string predetermined for each user + serial number for each target 30", 1 is added to the serial number each time a one-time privilege ID of the same target 30 is created.

For example, after the one-time privilege ID of ID name = "abcd1234" ("abcd" is a character string predetermined for a certain user) is created, the one-time privilege ID is created by the same target 30. If this is the case, the ID name of this one-time privileged ID will be "xxxxxx1235" ("xxxxx" is a character string predetermined for another user).

(Naming convention 2)
ID name = "random number with a predetermined number of digits"
At this time, the number of digits may be different depending on, for example, the OS (Operating System) of the target 30. Specifically, for example, the maximum number of characters that can be specified as the login ID by the OS may be the number of digits.

(Naming convention 3)
ID name = "32 characters excluding hyphens from UUID (Universally Unique Identifier)"
(Naming convention 4)
The log information in which the target 30 is attacked is analyzed, and a character string having low relevance to the attack is used as the ID name. At this time, the number of characters may be variable according to the time zone in which the target 30 is attacked. For example, if the time zone in which the target 30 is attacked overlaps with the usage period, the number of characters used as the ID name may be longer than usual.

It should be noted that which of the above naming conventions to use may be different depending on, for example, the user and the target 30.

As a result, the one-time privileged ID of the ID name named according to the predetermined naming convention is created in the corresponding target 30 in the invalidated state. As a result, the one-time privileged ID (and its password) is notified to the user terminal device 20 of the ID user. In the present embodiment, the one-time privilege ID is created after the approval of the workflow application, but for example, the one-time privilege ID may be created before the approval of the workflow application.

Further, as described above, the application processing unit 110 creates a one-time privileged ID by transmitting a privileged ID creation request specifying an ID name, an account group, or the like to the corresponding target 30. Therefore, for example, the creation of the one-time privileged ID may fail due to a communication failure of the network N, a server down of the target 30, or the like. In such a case, the application processing unit 110 may, for example, retransmit the privilege ID creation request to the target 30 after a predetermined time has elapsed (or a preset date and time).

<One-time privilege ID activation process>
Next, the flow of processing when the one-time privilege ID in the disabled state is enabled will be described with reference to FIG. FIG. 6 is a diagram for explaining an example of the flow of the one-time privileged ID activation process. The one-time privileged ID activation process shown in FIG. 6 is repeatedly executed at predetermined time intervals (for example, every few minutes).

First, the activation processing unit 120 refers to the one-time privilege ID information stored in the one-time privilege ID information storage unit 210, and determines whether or not there is a one-time privilege ID whose usage start date and time has come. (Step S201).

If it is determined in step S201 above that there is no one-time privilege ID whose usage start date and time has come, the one-time privilege ID activation process is terminated. On the other hand, if it is determined in step S201 that there is a one-time privilege ID whose usage start date and time has come, the process proceeds to step S202.

The activation processing unit 120 activates the one-time privilege ID whose usage start date and time has come (step S202). The activation processing unit 120 sends, for example, a privileged ID activation request specifying an ID name or the like to the corresponding target 30 (that is, a usage target included in the one-time privileged ID information related to the one-time privileged ID). , The one-time privileged ID can be activated.

When the one-time privilege ID is activated, the activation processing unit 120 updates the valid / invalid classification included in the one-time privilege ID information regarding the one-time privilege ID to the information indicating the activation state.

As a result, the one-time privilege ID whose usage start date and time has come is activated. When the one-time privilege ID is activated, for example, the user terminal device 20 may be notified that the one-time privilege ID has been activated.

As described above, the activation processing unit 120 activates the one-time privileged ID by transmitting the privileged ID activation request specifying the ID name and the like to the corresponding target 30. Therefore, for example, the activation of the one-time privileged ID may fail due to a communication failure of the network N, a server down of the target 30, or the like. In such a case, the activation processing unit 120 may, for example, retransmit the privileged ID activation request to the target 30 after a predetermined time has elapsed.

<One-time privilege ID invalidation process>
Next, the flow of processing when the one-time privilege ID in the enabled state is invalidated will be described with reference to FIG. 7. FIG. 7 is a diagram for explaining an example of the flow of the one-time privileged ID invalidation process. The one-time privileged ID invalidation process shown in FIG. 7 is repeatedly executed at predetermined time intervals (for example, every few minutes).

First, the invalidation processing unit 130 refers to the one-time privilege ID information stored in the one-time privilege ID information storage unit 210, and determines whether or not there is a one-time privilege ID whose usage end date and time has come. (Step S301).

If it is determined in step S301 that there is no one-time privilege ID whose usage end date and time has come, the one-time privilege ID invalidation process is terminated. On the other hand, if it is determined in step S301 that there is a one-time privilege ID whose usage end date and time has come, the process proceeds to step S302.

In general, when the use of the one-time privileged ID is completed, the ID user often makes an application for termination of use (for example, an application for termination of use by workflow). Therefore, in step S301 described above, it may be determined whether or not there is a one-time privileged ID for which the use-end application has been made, in addition to the one-time privileged ID whose use end date and time has come. Whether or not the usage termination application has been made may be determined, for example, by including the "use termination application category" in the one-time privilege ID information and referring to this usage application category.

The invalidation processing unit 130 invalidates the one-time privileged ID (and the one-time privileged ID for which the use termination application has been made) whose usage end date and time has come (step S302). The invalidation processing unit 130 sends, for example, a privileged ID invalidation request specifying an ID name or the like to the corresponding target 30 (that is, a usage target included in the one-time privileged ID information related to the one-time privileged ID). , The one-time privileged ID can be invalidated.

When the one-time privilege ID is invalidated, the invalidation processing unit 130 updates the valid / invalid classification included in the one-time privilege ID related to the one-time privilege ID to the information indicating the invalidation state.

As a result, the one-time privileged ID (and the one-time privileged ID for which the end-of-use application was made) whose use end date and time has come are invalidated. The one-time privileged ID (and the one-time privileged ID for which the end-of-use application was made) that has reached the end date and time of use may be deleted instead of being invalidated. However, it is preferable to invalidate the one-time privileged ID instead of deleting it, for example, in consideration of the case where the work using the one-time privileged ID becomes necessary again after the end of use.

As described above, the invalidation processing unit 130 invalidates the one-time privileged ID by transmitting a privileged ID invalidation request specifying an ID name or the like to the corresponding target 30. Therefore, for example, invalidation of the one-time privileged ID may fail due to a communication failure of the network N, a server down of the target 30, or the like. In such a case, the invalidation processing unit 130 may, for example, retransmit the privileged ID invalidation request to the target 30 after a predetermined time has elapsed.

<Summary>
As described above, in the ID management system 1 according to the present embodiment, the privileged ID of the ID name named according to the predetermined naming convention is created as the one-time privileged ID. Moreover, in this naming convention, the ID name of the privileged ID is not duplicated with other privileged IDs (that is, it is a one-time ID name). As a result, for example, it is possible to prevent a situation in which the ID name is guessed by a malicious attacker and the privileged ID is stolen, so that the security regarding the lending of the privileged ID can be improved.

In the present embodiment, the case where the one-time privileged ID is lent to the ID user has been described. However, as described above, the ID management system 1 according to the present embodiment has a normal privileged ID other than the one-time privileged ID. And general IDs can also be rented. Therefore, for example, it is possible to set whether or not to lend the one-time privileged ID in the entire system, set whether or not to lend out the one-time privileged ID for each target 30, or set each account group of the target 30. It may be possible to set whether or not to lend the one-time privileged ID, and it may be possible to set whether or not to lend out the one-time privileged ID for each workflow.

The present invention is not limited to the above-described embodiment disclosed specifically, and various modifications and modifications can be made without departing from the scope of claims.

1 ID management system 10 ID management device 20 Terminal device 30 Target 110 Application processing unit 120 Activation processing unit 130 Invalidation processing unit 210 One-time privileged ID information storage unit

Claims (7)

An account management system that manages the accounts of one or more servers that make up a business system.
An application processing unit that accepts account lending applications for which at least the identification information of the server is specified,
An account creation unit that creates a privileged account of the server indicated by the identification information specified in the account lending application accepted by the application processing unit with an account name that follows a predetermined naming convention.
Have,
The naming convention includes a variable number of characters in the account name depending on the time of day, an account management system. The account management system according to claim 1, wherein the time zone is a time zone in which the server is attacked. The account management system according to claim 1 or 2, wherein the naming convention includes making the number of characters variable according to the time zone and the usage period of the privileged account. The naming convention further includes, based on the analysis result of the log information when the server is attacked, a character string having a low relevance to the attack as the account name, according to claims 1 to 3. The account management system described in any one of the items. An account management device that manages the accounts of one or more servers that make up a business system.
An application processing unit that accepts account lending applications for which at least the identification information of the server is specified,
An account creation unit that creates a privileged account of the server indicated by the identification information specified in the account lending application accepted by the application processing unit with an account name that follows a predetermined naming convention.
Have,
The naming convention includes a variable number of characters in the account name depending on the time of day. The account management device that manages the accounts of one or more servers that make up the business system
An application processing procedure for accepting an account lending application for which at least the identification information of the server is specified, and
An account creation procedure for creating a privileged account on the server indicated by the identification information specified in the account lending application received in the application processing procedure with an account name according to a predetermined naming convention, and an account creation procedure.
And run
An account management method, wherein the naming convention includes varying the number of characters in the account name depending on the time of day. For the account management device that manages the accounts of one or more servers that make up the business system,
An application processing procedure for accepting an account lending application for which at least the identification information of the server is specified, and
An account creation procedure for creating a privileged account on the server indicated by the identification information specified in the account lending application received in the application processing procedure with an account name according to a predetermined naming convention, and an account creation procedure.
To execute,
The naming convention includes varying the number of characters in the account name depending on the time of day.

Images