JP2022120271A - Access controller - Google Patents

Abstract

To provide a technology for improving information security of a target device when an operator and a supervisor are distant from each other.SOLUTION: An access controller 18 stores application information which is applied from an operator and approved by an administrator, the information including identification information of the operator and identification information of a supervisor. The access controller 18 receives a log-in request of the operator from an operator terminal 14, and a log-in request of the supervisor from a supervisor terminal 16. The access controller 18 permits log-in of the operator when the log-in request of the operator complies with the application information, as one condition, and permits log-in of the supervisor when the log-in request of the supervisor complies with the application information, as one condition. When access information on a device 12 used by the operator for input is permitted by the supervisor, the access controller 18 accesses the device 12 on the basis of the access information, and allows the operator terminal 14 to access the device 12.SELECTED DRAWING: Figure 1

Description

TECHNICAL FIELD The present disclosure relates to data processing technology, and more particularly to an access control device.

The present applicant has discovered that even when the operator and the supervisor are in a remote location, the supervisor can monitor the operator's operation of the work target device in real time, and subject to the permission of the supervisor, the operator can monitor the work target device. We propose a technology that enables work.

Patent No. 6351426

The present inventor believes that Patent Document 1 does not sufficiently disclose a mechanism for confirming the legitimacy of a supervisor (re-supervisor), and that there is room for improvement in order to improve the information security of the work target device. thought.

The present disclosure has been made based on the above recognition of the present inventors, and one object thereof is to provide a technique for improving information security of a work target device when a worker and a re-inspector are in a separate location. to do.

In order to solve the above problems, an access control device according to one aspect of the present disclosure includes application information previously applied for by a worker who remotely operates a work target device and approved in advance by a manager to identify the worker. a storage unit for storing application information including information and identification information of re-incarcerated persons; The reception unit permits the worker to log in when the conditions are satisfied, including that the worker's login request matches the worker's identification information indicated by the application information, and the reinvestigator's login request a log-in processing unit that permits the re-incarcer's login when conditions including match with the identification information of the re-incarcerate shown are satisfied; and an access information reception unit that receives the access information. The access information is displayed on the re-convict's terminal, and if the re-convict has permitted the access information, a permission detection unit that detects that, and if it is detected that the re-convict has permitted the access information, A communication control unit that enables access to the work target device from the terminal of the worker by connecting with the work target device based on the access information.

It should be noted that any combination of the above constituent elements and expressions of the present disclosure converted between systems, methods, computer programs, recording media storing computer programs, etc. are also effective as aspects of the present disclosure.

According to the present disclosure, it is possible to improve the information security of the work target device when the worker and the re-inspector are in separate locations.

1 is a diagram showing the configuration of a computer system of a first embodiment; FIG. 2 is a block diagram showing functional blocks of the access control device of the first embodiment; FIG. 4 is a sequence diagram showing the operation of the computer system of the first embodiment; FIG. It is a figure which shows the example of a re-monitoring person screen. FIG. 11 is a block diagram showing functional blocks of an access control device according to a second embodiment; FIG. FIG. 11 is a sequence diagram showing the operation of the computer system of the second embodiment; It is a figure which shows the example of a user screen. FIG. 11 is a block diagram showing functional blocks of an access control device according to a third embodiment; FIG. 12 is a sequence diagram showing the operation of the computer system of the third embodiment; It is a figure which shows the example of a 1st re-invector screen. It is a figure which shows the example of a 2nd reviewer screen.

The apparatus or method subject of the present disclosure comprises a computer. The main functions of the apparatus or method of the present disclosure are realized by the computer executing the computer program. A computer has a processor that operates according to a computer program as a main hardware configuration. Any type of processor can be used as long as it can implement functions by executing a computer program. A processor is composed of one or more electronic circuits including a semiconductor integrated circuit (IC, LSI, etc.). A computer program is recorded in a non-temporary recording medium such as a computer-readable ROM, optical disk, hard disk drive, or the like. The computer program may be pre-stored in a recording medium, or may be supplied to the recording medium via a wide area network including the Internet.

An outline of the embodiment will be described. Up until now, maintenance work for various servers used for important purposes has often been done in pairs of workers and supervisors in order to prevent work mistakes and unauthorized work. rice field. In addition, until now, the security of servers has been enhanced by physically limiting the place where server maintenance operations can be performed (for example, by limiting access to the server room) and restricting access to and from that place.

In Patent Document 1, the present applicant has disclosed that when a worker and a supervisor are in a separate place, the supervisor monitors the details of the worker's work on the work target device in real time, and the supervisor's permission is obtained. We have proposed a technique that enables work on the work target device under the condition of However, Patent Literature 1 does not sufficiently disclose a mechanism for confirming the legitimacy of an observer (re-incarcerate). In the following first to third embodiments, a technique for further improving the information security of the work target device by providing a mechanism for confirming the legitimacy of the supervisor (re-supervisor) is proposed.

<First embodiment>
FIG. 1 shows the configuration of a computer system 10 of the first embodiment. A computer system 10 is an information processing system built in a company. The computer system 10 includes a work target device 12a, a work target device 12b, and a work target device 12c (collectively referred to as "work target devices 12"), a worker terminal 14, a resuperintendent terminal 16, and access control. A device 18 is provided.

The work target device 12 is an information processing device on which work such as maintenance is performed by a worker, and is, for example, a server that constitutes a company's backbone system or information system. A specific work target device 12 on which work is performed among the plurality of work target devices 12 shown in FIG. 1 is hereinafter simply referred to as a "work target device 12".

The worker terminal 14 is an information processing terminal operated by a worker who remotely operates the work target device 12 for work such as maintenance. The re-superintendent terminal 16 is an information processing terminal operated by a re-supervisor who re-supervises (can be said to confirm) the work of the worker. The operator terminal 14 and the re-inspector terminal 16 may be, for example, PCs, tablet terminals, and smart phones.

The access control device 18 is an information processing device that functions as a stepping stone for accessing the work target device 12 and mediates access from the worker terminal 14 to the work target device 12 . The access control device 18 controls whether or not the worker terminal 14 can access the work target device 12 . The access control device 18 also receives a command transmitted from the worker terminal 14 and transfers the command to the work target device 12 .

In the first embodiment, the work target device 12 directly accesses (in other words, logs in to) the access control device 18 . As a modification, the work target device 12 may access the shared terminal 20 once and access the access control device 18 using the shared terminal 20 as a stepping stone.

The work target device 12, the access control device 18, and the shared terminal 20 may be located in a company's office or data center. The worker terminal 14 may be placed at the worker's home. The re-jailer terminal 16 may be located at the home of the re-jailer. These devices are connected via a communication network including LAN, WAN, Internet, and the like. For example, the worker terminal 14 and the access control device 18 (or the work target device 12 and the shared terminal 20) may perform encrypted communication via a VPN (Virtual Private Network) or the like. Further, the re-monitoring terminal 16 and the access control device 18 may perform encrypted communication via VPN or the like.

It should be noted that the worker and the second supervisor proceed with the work on the work target device 12 while communicating (conversation, etc.) using a known web conference system, video conference system, telephone, or the like.

FIG. 2 is a block diagram showing functional blocks of the access control device 18 of the first embodiment. The access control device 18 includes a control section 30 , a storage section 32 and a communication section 34 . Each block shown in the block diagrams of this specification can be realized by computer processors, CPUs, memory and other elements, electronic circuits, and mechanical devices in terms of hardware, and can be realized by computer programs etc. in terms of software. However, here, the functional blocks realized by their cooperation are drawn. Therefore, those skilled in the art will understand that these functional blocks can be realized in various ways by combining hardware and software. The functions of multiple blocks shown in the block diagram may be implemented in one computer or may be implemented in multiple computers in a distributed manner.

The control unit 30 executes various data processing related to access control to the work target device 12 . The storage unit 32 stores data referenced or updated by the control unit 30 . The communication unit 34 communicates with an external device according to a predetermined communication protocol. The control unit 30 transmits and receives data to and from the work target device 12 , the worker terminal 14 , the resupervisor terminal 16 , and the shared terminal 20 via the communication unit 34 .

Storage unit 32 includes application information storage unit 36 , internal account storage unit 38 , and external account storage unit 40 . The application information storage unit 36 stores application information including details about the work of the work target device 12, which is applied in advance by the worker and approved in advance by the manager (for example, the worker's superior).

The application information includes (1) worker ID (in other words, applicant ID), (2) worker's name, (3) re-supervisor ID, (4) re-supervisor's name, and (5) work target device 12 (6) scheduled end time of access to the work target device 12; (7) information of the work target device 12 to be accessed; (8) terminal information of the access source; (10) Contents of application (details of work, etc.). (7) The information of the work target device 12 to be accessed includes identification information of the work target device 12 and account information for logging in to the work target device 12. In the first embodiment, the IP address of the work target device 12 (or host name) and login ID. (8) The access source terminal information may include the IP address of the worker terminal 14 , and may include the IP address of the shared terminal 20 when accessing the access control device 18 via the shared terminal 20 .

The internal account storage unit 38 associates and stores worker IDs and passwords as worker account information for logging into the access control device 18 . Further, the internal account storage unit 38 associates and stores the re-convict ID and password as the re-convict's account information for logging in to the access control device 18 .

The external account storage unit 40 stores account information for logging into the work target device 12 . The external account storage unit 40 stores one or more account information (set of login ID and password) determined for each work target device 12 for each of the plurality of work target devices 12 .

The application information storage unit 36, the internal account storage unit 38, and the external account storage unit 40 may be arranged in an external device of the access control device 18. The access control device 18 may access the external device via the communication network and refer to or update data in the application information storage unit 36, the internal account storage unit 38, and the external account storage unit 40. That is, the access control device 18 may be configured to be able to access the application information storage unit 36 , the internal account storage unit 38 and the external account storage unit 40 .

The control unit 30 includes an application information reception unit 42, a login request reception unit 44, a login processing unit 46, an access information reception unit 48, a collation unit 50, a notification unit 52, an access information provision unit 54, a permission detection unit 56, and a communication control unit. 58 , a command reception unit 60 and a command transfer unit 62 . A computer program in which the functions of the plurality of functional blocks in the control unit 30 are implemented may be stored in a recording medium and installed in the storage of the access control device 18 via the recording medium. Alternatively, the computer program may be downloaded via a communication network and installed in the storage of the access control device 18 . The CPU of the access control device 18 may display the functions of the plurality of blocks by reading the computer program into the main memory and executing it.

The application information receiving unit 42 receives from the worker terminal 14 application information that has been applied in advance by the worker and approved in advance by the manager. As a modification, the application information receiving unit 42 may receive application information from a terminal of an administrator (not shown). The application information reception unit 42 stores the received application information in the application information storage unit 36 .

The login request accepting unit 44 accepts a login request for a worker from the worker terminal 14 and a login request for a re-incarcerate from the re-incarcerate terminal 16 . The worker's login request includes a worker ID and a password assigned in advance to the worker. The re-jailer login request includes the re-jailer's pre-assigned re-jailer ID and password.

The login processing unit 46 permits the worker to log in when a condition including that the worker's login request matches the worker's identification information indicated by the application information stored in the application information storage unit 36 is satisfied. do. Specifically, the login processing unit 46 confirms that the worker ID indicated by the worker's login request matches the worker ID indicated by the application information, and the combination of the worker ID and password indicated by the worker's login request. matches the set of the worker ID and password stored in the internal account storage unit 38, it is determined that the worker is valid, and the worker's login is permitted.

If a condition including that the login request of the re-incarcerated person matches the identification information of the re-incarcerated person indicated by the application information stored in the application information storage unit 36, the login processing unit 46 Allow login. Specifically, the login processing unit 46 confirms that the re-convict ID indicated by the re-convict's login request matches the re-convict ID indicated by the application information and the re-convict person indicated by the re-convict's login request. If the pair of ID and password matches the pair of re-incarcerate ID and password stored in the internal account storage unit 38, it is determined that the re-incarcerator is valid, and the re-incarcerator's login is permitted.

As a modification, the application information may specify the identification information of the group to which the re-convict belongs (organization ID, etc.) as the identification information of the re-convict. The internal account storage unit 38 may store group identification information in association with IDs of users (re-incarcers) belonging to the group. The login processing unit 46 confirms that the re-convict ID indicated by the re-convict's login request is associated with the group identification information indicated by the application information, and that the re-convict ID indicated by the re-convict's login request is associated with the identification information of the group indicated by the application information. If the password pair matches a re-monitoring ID and password pair stored in internal account storage 38, the re-monitoring person may be permitted to log in.

The access information reception unit 48 receives access information regarding the work target device, which is input by the worker and is transmitted from the worker terminal 14 . The access information includes the IP address (or host name) of the work target device 12 to be accessed and the login ID to the work target device 12 . However, the access information of the embodiment does not include the password corresponding to the login ID to the work target device 12 .

The collation unit 50 collates the application information stored in the application information storage unit 36 with the access information transmitted from the worker terminal 14 . For example, if the set of the IP address and login ID of the work target device 12 indicated by the application information matches the set of the IP address and login ID of the work target device 12 indicated by the access information, the collation unit 50 and the access information match.

When it is determined that the application information stored in the application information storage unit 36 matches the access information transmitted from the worker terminal 14, the notification unit 52 repeats the content prompting the user to log in to the access control device 18. Notify the supervisor. For example, the notification unit 52 may send an e-mail or message containing content such as "Please log in to the access control device 18" to the re-convict terminal 16, and cause the re-convict terminal 16 to display the above content. good.

The access information providing unit 54 provides the access information received by the access information receiving unit 48 to the re-convict terminal 16 and causes the re-convict terminal 16 to display the access information. The access information providing unit 54 provides the access information to the re-incarcerate terminal 16 on condition that the login processing unit 46 permits the re-incarcerate's login. As a result, the access information entered by the worker is presented to the legitimate re-incarcerate specified in the application information.

The permission detection unit 56 detects that, based on the data input from the re-imprisoner's terminal 16, when the re-imprisoner permits the access information. When it is detected that the re-inspector has permitted the access information, the communication control unit 58 connects to the work target device 12 based on the access information input by the worker, thereby allowing the work target device to be accessed from the worker terminal 14. 12. The communication control unit 58 of the first embodiment allows the access information to be granted by the re-incarcerated person, and if the verification unit 50 determines that the access information and the application information match, the work target specified by the access information It connects with the device 12 and establishes a communication session between the access control device 18 and the work target device 12 .

The command reception unit 60 receives the operation content (specifically, the data of the command input by the worker) for the work target device 12 transmitted from the worker terminal 14 . The command transfer unit 62 transfers the data of the command transmitted from the worker terminal 14 to the work target device 12, so that the command input by the worker can be transferred with the authority of the account (login ID) specified in the access information. , is executed by the work target device 12 . The command transfer unit 62 transmits command data to the work target device 12 via the communication session established by the communication control unit 58 between the access control device 18 and the work target device 12 .

The operation of the computer system 10 of the first embodiment configured as above will be described.
FIG. 3 is a sequence diagram showing the operation of the computer system 10 of the first embodiment. Although not shown, the worker applies in advance to the manager for application information regarding the work of the work target device 12, and the manager approves the application information. The work target device 12 transmits the application information approved by the administrator to the access control device 18 . The application information reception unit 42 of the access control device 18 receives application information and stores the application information in the application information storage unit 36 .

When the scheduled access start time defined in the application information approaches, the worker inputs a pre-assigned worker ID and password for logging in to the access control device 18 into the worker terminal 14 . The worker terminal 14 transmits a worker login request including the worker ID and password to the access control device 18 in response to the worker's operation (S10). The login request reception unit 44 of the access control device 18 receives the login request of the worker. The login processing unit 46 of the access control device 18 confirms that the worker ID indicated by the worker's login request matches the worker ID indicated by the application information stored in the application information storage unit 36, and the worker's login request If the set of worker ID and password indicated by matches the set of worker ID and password stored in the internal account storage unit 38, the worker is permitted to log in (S11). If the operator's login is not permitted, subsequent processing is aborted.

The login processing unit 46 of the access control device 18 notifies the operator terminal 14 that the operator's login is permitted. The worker inputs access information (the IP address and login ID of the work target device 12 ) on the work target device 12 to be accessed into the worker terminal 14 . The worker terminal 14 transmits the access information input by the worker to the access control device 18 (S12). The access information reception unit 48 of the access control device 18 receives the access information transmitted from the worker terminal 14, and the collation unit 50 collates the access information and the application information (S13).

When the access information and the application information match, the notification unit 52 of the access control device 18 notifies the re-incarcerate terminal 16 of the contents of prompting the login to the access control device 18 (S14). The re-monitoring terminal 16 displays a message prompting the user to log in to the access control device 18 . The re-convict enters the pre-assigned re-convict ID and password for logging into the access control device 18 into the re-convict terminal 16 . The re-convict terminal 16 transmits the re-convict's login request including the re-convict's ID and password to the access control device 18 in response to the re-convict's operation (S15).

On the other hand, if the access information and the application information are inconsistent, the access control device 18 suspends a series of processes related to connection to the work target device 12 . The access control device 18 transmits to the worker terminal 14 a request for re-input of the access information, and causes the worker terminal 14 to display the content.

Following S15, the login request acceptance unit 44 of the access control device 18 accepts the login request of the re-imprisoner. The login processing unit 46 of the access control device 18 confirms that the re-incarcerate ID indicated by the login request of the re-incarcerator matches the re-incarcerator ID indicated by the application information stored in the application information storage unit 36, and If the combination of the re-incarcerate ID and password indicated by the person's login request matches the combination of the re-indictor ID and password stored in the internal account storage unit 38, the re-incarcerator's login is permitted (S16). When the re-monitoring person's login is permitted, the access information providing unit 54 of the access control device 18 generates a re-monitoring screen including access information, and transmits the re-monitoring screen data to the re-monitoring terminal 16. (S17).

On the other hand, the login processing unit 46 of the access control device 18 determines that the re-incarcerate ID indicated by the login request of the re-incarcerator does not match the re-incarcerate ID indicated by the application information stored in the application information storage unit 36, or If the combination of the re-incarcerator ID and password indicated by the re-incarcerator's login request does not match the combination of the re-incarcerator ID and password stored in the internal account storage unit 38, the reincarcer's login is denied. . If the re-investigator's login is rejected, the access control device 18 suspends a series of processes relating to connection to the work target device 12 . The access control device 18 transmits to the worker terminal 14 a request for re-input of the access information, and causes the worker terminal 14 to display the content.

Following S17, the re-imprisoner terminal 16 displays the re-imprisoner screen provided from the access control device 18 (S18). FIG. 4 shows an example of a re-imprisoner screen. The reviewer screen 70 includes access information 72 , an allow button 74 and a reject button 76 . The re-imprisoner confirms the access information 72 and selects the allow button 74 or the reject button 76 . When the rejection button 76 is selected, the re-inspector terminal 16 transmits to the access control device 18 information indicating that the access to the work target device 12 has been rejected. In this case, the access control device 18 suspends a series of processes related to connection to the work target device 12 . The access control device 18 transmits to the worker terminal 14 a request for re-input of the access information, and causes the worker terminal 14 to display the content.

In the example of FIG. 3, the re-imprisoner confirms the access information 72 and selects the allow button 74 . The re-superintendent terminal 16 transmits access permission information indicating that access to the work target device 12 is permitted to the access control device 18 (S19). The permission detection unit 56 of the access control device 18 detects that the re-convict has permitted the access information input by the worker upon receipt of the access permission information transmitted from the re-convict terminal 16. - 特許庁When permission of the re-inspector is detected, the communication control unit 58 of the access control device 18 establishes a connection with the work target device 12 based on the access information (S20).

Specifically, the communication control unit 58 connects to the work target device 12 using the IP address of the work target device 12 determined by the access information. Further, the communication control unit 58 uses the login ID to the work target device 12 determined by the access information and the password corresponding to the login ID to the work target device 12 stored in the external account storage unit 40 to perform the work. Log in to the target device 12 . The communication control unit 58 of the access control device 18 notifies the worker terminal 14 that the login to the work target device 12 has been completed (S21), and the worker terminal 14 indicates that the login to the work target device 12 has been completed. Information is displayed (S22).

The worker inputs a command for the work target device 12 to the worker terminal 14 . The worker terminal 14 transmits the command input by the worker to the access control device 18 (S23). A command reception unit 60 of the access control device 18 receives a command input by the operator, which is transmitted from the operator terminal 14 . The command transfer unit 62 of the access control device 18 transfers the command input by the worker to the work target device 12 (S24). The work target device 12 receives and executes the command input by the worker, which is transferred by the access control device 18 (S25).

The access control device 18 of the first embodiment is configured so that a valid operator indicated by the application information approved by the administrator operates the work target device, and a valid re-inspector indicated by the application information is entered by the operator. When both conditions of permitting the access information are satisfied, access from the work target device 12 to the re-superintendent terminal 16 (in other words, operation of the work target device 12 by the worker) is allowed. Thereby, the information security of the work target device 12 can be improved. For example, when a person different from the authorized worker indicated by the application information operates the work target device 12, access from the work target device 12 to the re-inspector terminal 16 can be prohibited, and the authorized worker indicated by the application information can If a person different from the re-imposed re-imprisoner permits the access information, access from the work target device 12 to the re-imposed re-imprisoner terminal 16 can be prohibited.

In addition, in the access control device 18 of the first embodiment, when the permission detection unit 56 detects that the re-imprisoner has permitted the access information and the verification unit 50 determines that the access information matches the application information, In addition, access from the work target device 12 to the re-inspector terminal 16 is enabled. As a result, it is possible to prevent access to the work target device 12 that deviates from the contents of the application information approved by the administrator.

Further, when the access information is received from the work target device 12, the access control device 18 of the first embodiment notifies the re-monitoring person of the content prompting the re-monitoring person to log in to the access control device 18, and present access information to the re-incarcerate if authorized. As a result, the access information entered by the worker can be quickly presented to the authorized worker.

<Second embodiment>
A second embodiment of the present disclosure will be described with a focus on points that are different from the first embodiment, and descriptions of common points will be omitted. It goes without saying that the features of the second embodiment can be arbitrarily combined with the features of the first embodiment and the features of the modifications. Components of the second embodiment that are the same as or correspond to those of the first embodiment will be appropriately assigned the same reference numerals.

The configuration of the computer system 10 of the second embodiment is similar to that of the computer system 10 of the first embodiment shown in FIG. In the computer system 10 of the second embodiment, the operator terminal 14 and the reinvestigator terminal 16 share screens using a known web conference system.

FIG. 5 is a block diagram showing functional blocks of the access control device 18 of the second embodiment. The control unit of the access control device 18 of the second embodiment includes an application information reception unit 42, a login request reception unit 44, a login processing unit 46, a user screen provision unit 64, an access information reception unit 48, a verification unit 50, a notification unit 52 , a permission detection unit 56 , a communication control unit 58 , a command reception unit 60 , and a command transfer unit 62 .

The user screen providing unit 64 transmits to the worker terminal 14 user screen data including an input screen for access information to the work target device 12 and an input screen for authentication information of the re-superintendent. The operator terminal 14 displays a user screen. The user screen is also displayed on the re-monitoring terminal 16 by the screen sharing function of the web conference system. The permission detection unit 56 detects that the re-incarcer has permitted the access information when the re-incarcer's authentication based on the re-incarcer's authentication information entered on the user screen (authentication information input screen) is successful. do.

The operation of the computer system 10 of the second embodiment will be explained.
FIG. 6 is a sequence diagram showing the operation of the computer system 10 of the second embodiment. As in the first embodiment, the application information storage unit 36 of the access control device 18 stores in advance the application information applied by the worker and approved by the administrator. The operator terminal 14 and the re-inspector terminal 16 start screen sharing (S30). For example, the operator terminal 14 transmits the data of the screen being displayed on its own terminal to the reinvestigator terminal 16 via a known web conference system. The re-superintendent terminal 16 also displays the screen being displayed on the worker terminal 14 received via the web conference system on its own terminal. In FIG. 6, the range in which the screen is shared between the worker terminal 14 and the re-inspector terminal 16 is indicated by a dashed line.

Since the processes of S31 and S32 are the same as the processes of S10 and S11 of FIG. 3, description thereof is omitted. When the operator's login is permitted, the user screen providing unit 64 of the access control device 18 transmits the user screen data to the operator terminal 14 (S33). The operator terminal 14 displays the user screen provided from the access control device 18 (S34). The user screen is also displayed on the re-monitoring terminal 16 via the web conference system. FIG. 7 shows an example of a user screen. The user screen 80 includes an access information input area 82 , an access information transmission button 84 , an authentication information input area 86 and an authentication information transmission button 88 .

The worker inputs access information about the work target device 12 to be accessed into the access information input area 82 of the user screen 80 and selects the access information transmission button 84 . The worker terminal 14 transmits the access information input in the access information input area 82 to the access control device 18 (S35). The access information reception unit 48 of the access control device 18 receives the access information transmitted from the worker terminal 14, and the collation unit 50 collates the access information and the application information (S36).

When the access information and the application information match, the content prompting the re-incarcer to log in to the access control device 18 is sent to the worker terminal 14, and the content is displayed on the worker terminal 14 (for example, the user screen 80). (S37). The operator uses a well-known function of the web conference system to transfer the authority to operate the user screen 80 to the re-superintendent (re-supervisor terminal 16) (S38). The re-incarcerate checks the access information entered in the access information input area 82 of the user screen 80, and if the content is correct, enters his own authentication information in the authentication information input area 86. ) and select the send authentication information button 88 . The re-monitoring terminal 16 transmits the authentication information entered in the authentication information input area 86 to the access control device 18 (S39).

On the other hand, if the access information and the application information are inconsistent, the access control device 18 suspends a series of processes related to connection to the work target device 12 . The access control device 18 transmits to the worker terminal 14 a request for re-input of the access information, and causes the worker terminal 14 to display the content.

Following S39, the login request receiving unit 44 of the access control device 18 receives the authentication information of the re-imprisoner. The login processing unit 46 of the access control device 18 confirms that the re-incarcerator ID indicated by the authentication information of the re-incarcerator matches the re-incarcerator ID indicated by the application information stored in the application information storage unit 36, and If the pair of re-incarcerate ID and password indicated by the person's authentication information matches the pair of re-incarcerator ID and password stored in the internal account storage unit 38, it is determined that the re-incarcerator has been successfully authenticated, In other words, the re-incarcer's login is permitted (S40).

On the other hand, the login processing unit 46 of the access control device 18 determines that the re-incarcerated person ID indicated by the re-incarcerated person's authentication information does not match the re-incarcerated person ID indicated by the application information stored in the application information storage unit 36, or If the combination of the re-incarcerate ID and password indicated by the re-incarcerate's authentication information does not match the combination of the re-incarcerator's ID and password stored in the internal account storage unit 38, the authentication of the re-convict has failed. In other words, the re-incarcer's login is denied. If the authentication of the re-investigator fails, the access control device 18 suspends a series of processes relating to connection to the work target device 12 . The access control device 18 transmits to the worker terminal 14 a request for re-input of the access information, and causes the worker terminal 14 to display the content.

The permission detection unit 56 of the access control device 18 detects that the re-imprisoner has permitted the access information entered by the worker upon determining that the re-imprisoner has been successfully authenticated. The communication control unit 58 of the access control device 18 establishes a connection with the work target device 12 (S41). The communication control unit 58 notifies the worker terminal 14 of the completion of login to the work target device 12 (S42). Since the processing of S43 to S45 is the same as the processing of S23 to S25 in FIG. 3, the description thereof is omitted.

In the second embodiment, the screen sharing function of the web conference system allows the terminal application screen (that is, the screen for inputting commands to the work target device 12) displayed on the worker terminal 14 to be sent to the re-supervisor terminal 16 as well. Is displayed. If the worker inputs an illegal command, the reviewer tries to interrupt the worker's work by voice or the like. If the operator does not stop inputting or sending unauthorized commands, the reinvestigator uses a known function of the web conference system to transfer the operation authority of the terminal application screen from the operator terminal 14 to the reinsurance terminal 16. (S46). In other words, the reincarcer takes away the operator's authority to operate the terminal application screen. This prevents unauthorized operation of the work target device 12 by the worker.

The access control device 18 of the second embodiment has the same effects as the access control device 18 of the first embodiment. In addition, in the second embodiment, the re-superintendent can monitor the operation contents (commands, etc.) of the work target device 12 by the worker and prevent unauthorized operation, so that the information security of the work target device 12 can be further improved. can be done.

<Third embodiment>
The third embodiment of the present disclosure will be described with a focus on points that are different from the first embodiment, and descriptions of common points will be omitted. It goes without saying that the features of the third embodiment can be arbitrarily combined with the features of the first embodiment and the features of the modifications. Components of the third embodiment that are the same as or correspond to those of the first embodiment will be appropriately assigned the same reference numerals.

The configuration of the computer system 10 of the third embodiment is similar to that of the computer system 10 of the first embodiment shown in FIG. FIG. 8 is a block diagram showing functional blocks of the access control device 18 of the third embodiment. The control unit of the access control device 18 of the third embodiment includes an application information reception unit 42, a login request reception unit 44, a login processing unit 46, an access information reception unit 48, a collation unit 50, a notification unit 52, an access information provision unit 54 , a permission detection unit 56 , a re-monitoring person screen providing unit 66 , a communication control unit 58 , a command reception unit 60 , and a command transfer unit 62 .

As in the second embodiment, in the computer system 10 of the third embodiment, the access information entered by the operator and the entry screen for the re-incarcerate's authentication information are displayed on the re-incarcerate's terminal 16 . The permission detection unit 56 of the access control device 18 detects that the re-convict has permitted the access information when the re-convict has been successfully authenticated based on the re-convict's authentication information entered on the input screen. .

The internal account storage unit 38 of the access control device 18 stores the operator's account information and the re-convict's account information, as well as authentication information that proves that the re-convict is a re-convict. The reviewer's authentication information may be the same as the reviewer's account information (eg, a reviewer ID and password pair) or may be different. The re-incarcer's authentication information, which is different from the re-incarcer's account information, may be biometric information such as the re-incarcer's fingerprint, vein pattern, etc., which is dynamically generated and provided to the re-incarcer. It may be a time password.

Further, when it is detected that the re-monitoring person has permitted the access information, the re-monitoring person screen providing unit 66 of the access control device 18 provides a re-monitoring information indicating a command transmitted from the worker terminal 14 to the work target device 12 . The re-monitoring person screen (second re-monitoring screen described later) is displayed on the re-monitoring terminal 16 . The re-monitoring screen is configured to transmit the input command to the access control device 18 when a command for the work target device 12 is input by the re-monitoring person. The command transfer unit 62 of the access control device 18 sends the command input on the re-monitoring screen to the work target device 12 .

The operation of the computer system 10 of the third embodiment will be explained.
FIG. 9 is a sequence diagram showing the operation of the computer system 10 of the third embodiment. As in the first embodiment, the application information storage unit 36 of the access control device 18 stores in advance the application information applied by the worker and approved by the administrator. Since the processing of S50 to S56 is the same as the processing of S10 to S16 in FIG. 3, the description thereof is omitted.

When the re-convict is permitted to log in, the access information providing unit 54 of the access control device 18 transmits the first re-convict screen data indicating the access information entered by the operator to the re-convict terminal 16 ( S57). The re-monitoring terminal 16 displays the first re-monitoring screen (S58). FIG. 10 shows an example of the first reviewer screen. The first reviewer screen 90 includes an access information display area 92 , an authentication information input area 94 and an authentication information transmission button 96 . The reincarcer confirms the content of the access information display area 92, and if the content is correct, enters his own authentication information in the authentication information input area 94 and selects the authentication information transmission button 96.

Returning to FIG. 9, the re-convict terminal 16 transmits the authentication information entered in the authentication information input area 94 of the first re-convict screen 90 to the access control device 18 (S59). As described above, the authentication information of the re-incarcerated person may be a set of the operator ID and password, or may be the biometric information of the operator. It may be a one-time password separately provided to the terminal 16).

The login request accepting unit 44 of the access control device 18 accepts the authentication information of the re-incarcerated person transmitted from the re-incarcerated person's terminal 16 . If the authentication information of the re-incarcerated person sent from the re-incarcerated person terminal 16 matches the authentication information of the re-incarcerated person pre-stored in the internal account storage unit 38, the login processing unit 46 performs authentication of the re-incarcerated person. It is determined to have succeeded (S60). The permission detection unit 56 detects that the re-incarcerator has permitted the access information entered by the worker when it is determined that the re-incarcerator has been successfully authenticated based on the re-convict's authentication information. The re-monitoring screen providing unit 66 transmits the data of the second re-monitoring screen displaying the details of the operator's operation on the work target device 12 to the re-monitoring terminal 16 (S61).

On the other hand, the login processing unit 46 of the access control device 18 determines that the authentication information of the re-incarcerated person sent from the re-incarcerated person terminal 16 is inconsistent with the authentication information of the re-incarcerated person previously stored in the internal account storage unit 38. If so, it is determined that the re-incarcerate authentication has failed. If the authentication of the re-investigator fails, the access control device 18 suspends a series of processes relating to connection to the work target device 12 . The access control device 18 transmits to the worker terminal 14 a request for re-input of the access information, and causes the worker terminal 14 to display the content.

Following S61, the re-incarcerate terminal 16 displays the second re-incarcerate screen (S62). FIG. 11 shows an example of the second reviewer screen. The second re-jailer screen 100 includes a re-jailer console screen 102 . The re-superintendent console screen 102 displays commands that are input by the worker to operate the work target device 12 and that are transmitted from the worker terminal 14 . Further, the re-incarcerated console screen 102 is configured to receive command input by the re-incarcerated person and to transmit the input command to the access control device 18 . For example, the data on the re-incarcerate console screen 102 may include a JavaScript® program that sends commands entered by the re-incarnate to the access controller 18 .

Returning to FIG. 9, the communication control unit 58 of the access control device 18 establishes a connection with the work target device 12 (S63). The communication control unit 58 notifies the worker terminal 14 of the completion of login to the work target device 12 (S64). The worker terminal 14 transmits the command input by the worker to the access control device 18 (S65). A command reception unit 60 of the access control device 18 receives a command input by the operator, which is transmitted from the operator terminal 14 . The command transfer unit 62 transfers the command input by the worker to the resupervisor terminal 16 and the work target device 12 (S66).

The re-monitoring terminal 16 causes the re-monitoring console screen 102 to display the command sent from the access control device 18 and input by the operator (S67). Further, the work target device 12 executes the command input by the worker, which is transmitted from the access control device 18 (S68).

As in the second embodiment, also in the third embodiment, the content of the operator's operation (command) on the work target device 12 is displayed on the re-superintendent terminal 16 . If the worker inputs an illegal command, the reviewer tries to interrupt the worker's work by voice or the like. If the worker does not stop inputting or transmitting illegal commands, the re-instructor inputs a command (for example, a shutdown command, etc.) related to work stoppage on the re-instructor's console screen 102, and inputs a predetermined transmission operation. The re-monitoring terminal 16 transmits the command input by the re-monitoring to the access control device 18 (S69). The command transfer unit 62 of the access control device 18 transfers the command input by the re-inspector to the work target device 12 (S70). The work target device 12 executes the command input by the re-inspector (S71).

The access control device 18 of the third embodiment has the same effects as the access control device 18 of the first embodiment. Further, in the third embodiment, as in the second embodiment, the content of operations (commands, etc.) of the work target device 12 by the worker can be monitored by the second supervisor to prevent unauthorized operation. information security can be further improved.

The present disclosure has been described above based on the first to third embodiments. Those skilled in the art will understand that the contents described in these examples are examples, and that various modifications are possible in combinations of the components and processing processes of the embodiments, and such modifications are within the scope of the present disclosure. It is about to be done.

A first modification applicable to the first to third embodiments will be described. Each of the application information and the access information may further include a password corresponding to the login ID to the work target device 12 . The matching unit 50 of the access control device 18 determines whether the set of the IP address, login ID, and password of the work target device 12 indicated by the application information and the set of the IP address, login ID, and password of the work target device 12 indicated by the access information are matched. If they match, it may be determined that the application information and the access information match. The communication control unit 58 of the access control device 18 may establish a connection with the work target device 12 using a set of a login ID and a password for the work target device 12 determined by the access information.

A second modification applicable to the third embodiment will be described. The second reviewer console screen 102 of the second reviewer screen 100 may display the response data of the work target device 12 to the command input by the operator. In this case, the command transfer unit 62 of the access control device 18 may transmit the response data of the work target device 12 to the command input by the worker to the worker terminal 14 and to the re-inspector terminal 16 . The re-monitoring terminal 16 may display the response data of the work target device 12 transmitted from the access control device 18 on the re-monitoring console screen 102 .

Any combination of the above-described examples and modifications is also useful as an embodiment of the present disclosure. A new embodiment resulting from the combination has the effects of each combined embodiment and modified example. It should also be understood by those skilled in the art that the functions to be fulfilled by each constituent element described in the claims are realized by each constituent element shown in the embodiments and modified examples singly or in conjunction with each other.

10 computer system 12 work target device 14 worker terminal 16 re-inspector terminal 18 access control device 36 application information storage unit 44 login request reception unit 46 login processing unit 48 access information reception unit 52 notification Section 54 Access Information Providing Section 56 Permission Detection Section 58 Communication Control Section 62 Command Transfer Section 66 Re-Prisoner Screen Providing Section.

Claims (5)

A memory for storing application information that is applied in advance by a worker who remotely operates a work target device and is approved in advance by a manager, and includes the identification information of the worker and the identification information of the re-superintendent. Department and
a login request accepting unit that accepts a login request of the worker from the terminal of the worker and a login request of the reinstatement from the terminal of the reinstatement;
If a condition including that the worker's login request matches the worker's identification information indicated by the application information is satisfied, the worker's login is permitted, and the re-inspector's login request is accepted by the application. a login processing unit that permits login of the re-incarcerated person when a condition including matching with the identification information of the re-incarcerated person indicated by the information is satisfied;
an access information reception unit that receives access information about the work target device input by the worker from the terminal of the worker;
the access information is displayed on the terminal of the re-incarcerated person;
a permission detection unit for detecting when the re-imprisoner has permitted the access information;
When it is detected that the re-superintendent has permitted the access information, the terminal of the worker can access the work target device by connecting to the work target device based on the access information. The access control device further comprising: a communication control unit for each of the application information and the access information includes identification information of the work target device and account information for logging into the work target device;
The communication control unit connects to the work target device based on the access information when the re-inspector permits the access information and the access information matches the application information.
The access control device according to claim 1. a notification unit for notifying the reinvestigator of content prompting him/her to log in to the access control device when the access information is received from the terminal of the worker;
an access information providing unit that provides the access information to the terminal of the re-incarcerated person when the login of the re-incarcerated person is permitted;
3. The access control device according to claim 1 or 2. The terminal of the re-incarcerated person displays the access information and an input screen of the authentication information of the re-incarcerated person,
The permission detection unit detects that the re-convict has permitted the access information when authentication of the re-convict based on the re-convict's authentication information input to the input screen is successful.
4. The access control device according to any one of claims 1 to 3. causing the re-inspector's terminal to display a re-inspection screen showing a command transmitted from the worker's terminal to the work target device when it is detected that the re-inspection has permitted the access information; a supervisor screen providing unit;
and a command transfer unit,
The re-monitoring screen is configured to transmit the input command to the access control device when a command for the work target device is input by the re-monitoring person,
wherein the command transfer unit transmits the command input on the re-inspector screen to the work target device;
5. The access control device according to any one of claims 1 to 4.

Images