JP2022165032A - Relay server and access control system - Google Patents

Abstract

To provide a relay server and an access control system with high convenience and improved security for a user relating to an access to an on-premises server by a user terminal on Internet.SOLUTION: A relay server generates unique inquiry information accessible to an on-premises server based on information of the on-premises server in S1, and when receiving an access from a terminal of a user in S2Y, determines an authentication of the user is permitted or not in S3. If the authentication of the user is permitted in S3Y, the inquiry information is presented to the terminal of the user in S4. Further, an access for an introduction situation is received from the terminal of the user in S5, and when the authentication is permitted in S5Y, a communication between the terminal of the user and the on-premises server is relayed in S6.SELECTED DRAWING: Figure 6

Description

The present invention relates to relay servers and access control systems.

In recent years, a system called cloud computing has made it possible for users to access from anywhere via the Internet, thereby improving user convenience.

On the other hand, from the viewpoint of security, there are many users who desire so-called on-premises system operation that reads information in devices placed in the user environment (for example, in the company). On-premise systems are said to be less likely to be attacked from the outside and have a lower risk of information leakage.

Also, in the conventional technology, a virtual private line is set up on the Internet called a VPN (Virtual Private Network), a dedicated network that can be used only by a specific person is established, and a connection between a terminal connected to the Internet and an on-premises network is established. There are technologies for intercommunicating with There is also a technology that connects mutually authenticated TLS (Transport Layer Security) tunnels between cloud (off-premises platform) and on-premises platform environments to transfer data (see paragraph 0032 of Patent Document 1). .

JP 2021-501929 A

Also, if a user's terminal connected via the Internet can access the on-premises, convenience for the user will increase, but since the terminal is connected via the Internet, there is a risk of information leakage. do.

Also, VPN is conceivable as a method for allowing a user's terminal to access on-premises, but there is a problem that the introduction cost is high and the burden on the user is heavy. Another problem with VPN is that if an on-premises server is compromised, other services and other servers within the LAN area can be accessed easily, and it is necessary to log in again after the connection is disconnected. There is also the problem that the communication speed slows down due to congestion.

The present invention has been made in view of the above-mentioned problems, and its object is to provide a relay server and an access control system that are highly convenient for users and have improved security when user terminals on the Internet access to on-premise servers. to provide.

(1) The present invention is
A relay server in which a user's terminal and an on-premise server are connected via the Internet, and each of the terminal and the on-premise server is connected via the Internet,
a query information generation unit that generates unique query information accessible to the on-premises server based on the information of the on-premises server;
a user control unit that manages user information of a user;
an authentication processing unit that determines whether or not to allow authentication of the user when access is received from the user's terminal;
a presentation unit that presents the inquiry information to the terminal of the user when the authentication of the user is permitted;
a relay processing unit that relays communication between the authenticated user terminal and the on-premises server;
relating to a relay server including

The present invention also relates to a program that causes a computer to function as each part of the relay server. The present invention also relates to an information storage medium storing the above program.

According to the present invention, when user authentication is permitted, unique inquiry information that can access an on-premises server is presented to the user's terminal, and the authentication-permitted user's terminal and the on-premises server By relaying communication with the server, it is possible to prevent unauthorized users from accessing the on-premises server and improve security.

(2) The server, program and information storage medium of the present invention are
The inquiry information generation unit
Different inquiry information may be generated for each on-premises server.

According to the present invention, when there are a plurality of on-premises servers, different inquiry information is generated for each on-premises server, so each of the plurality of on-premises servers can be appropriately managed and communication can be relayed.

(3) The server, program and information storage medium of the present invention are
The inquiry information generation unit
Different inquiry information may be generated for each service.

According to the present invention, when a plurality of services are provided by an on-premises server, different inquiry information is generated for each service, so each of the plurality of services can be appropriately managed and communication can be relayed.

(4) The server, program and information storage medium of the present invention are
The user control unit
For each user, based on the user's user information, determine whether the user can access each inquiry information,
The presentation unit
For each user, inquiry information accessible by the user may be presented on the terminal of the user.

According to the present invention, whether or not the user can access each item of inquiry information is determined for each user based on the user information of the user. In this way, it is possible to control access to the inquiry information by using the access control, and control can be performed considering both convenience and security.

(5) The present invention is
An access control system in which a user terminal, an on-premise server, and a relay server are connected via the Internet,
The relay server
a query information generation unit that generates unique query information accessible to the on-premises server based on the information of the on-premises server;
a user control unit that manages user information of a user;
an authentication processing unit that determines whether or not to allow authentication of the user when access is received from the user's terminal;
a presentation unit that presents the inquiry information to the terminal of the user when the authentication of the user is permitted;
a terminal of the user whose authentication is permitted, and a relay processing unit that relays communication with the on-premises server;
The on-premise server is
When access by the inquiry information is accepted from the terminal of the authenticated user via the relay server, the information indicated in the inquiry information is sent to the terminal of the user via the relay server. It relates to the presented access control system.

According to the present invention, when user authentication is permitted, unique inquiry information that can access an on-premises server is presented to the user's terminal, and the authentication-permitted user's terminal and the on-premises server By relaying communication with the server, it is possible to prevent unauthorized users from accessing the on-premises server and improve security.

An example of the network diagram of the access control system of this embodiment. 3 is a functional block diagram of the relay server 10 of this embodiment; FIG. FIG. 4 is a diagram for explaining relay processing according to the embodiment; An example of an access enable/disable flag of each inquiry information for each user of the present embodiment. The figure which shows an example of the screen displayed on the terminal of this embodiment. FIG. 4 is a flow chart diagram showing the flow of processing according to the present embodiment.

The present embodiment will be described below. It should be noted that the embodiments described below do not unduly limit the content of the present invention described in the claims. Moreover, not all the configurations described in the present embodiment are essential constituent elements of the present invention.

[1] Network FIG. 1 shows an example of a network diagram of an access control system. In the access control system of this embodiment, a relay server 10, a user terminal 20, and an on-premise server 30 are connected via a network (Internet).

In other words, the relay server 10 of the present embodiment is a server that is connected to each of the user's terminal 20 and the on-premises server 30 via the Internet and is set for the purpose of relaying communication between the terminal 20 and the server 30. .

The relay server 10 of this embodiment is an information processing device that manages user information and performs user authentication processing.

The terminal 20 is a client device, and is an information processing device such as a smart phone, a mobile phone, a PHS, a computer, a game device, a PDA, or an image generation device, and communicates with the relay server 10 via a network such as the Internet (WAN) or LAN. It is a connectable device.

The on-premise server 30 is a server constructed and operated by a user (for example, a company), and is an information processing device installed in a facility managed by the user.

The on-premise server 30 basically provides services that are not open to the outside (the Internet) (for example, services that are used only within the company or within a group, services that contain confidential information, internal mail servers, internal conference systems). However, as described below, in this embodiment, control is performed so that access to the on-premises server 30 via the relay server 10 is possible from the terminals 20 of some authenticated users. ing.

[2] Configuration FIG. 2 is an example of a functional block diagram of the relay server 10 of this embodiment. It should be noted that the relay server 10 of this embodiment does not need to include all of the units shown in FIG.

The storage unit 170 stores programs and various data for causing the computer to function as each unit of the processing unit 100 , and also functions as a storage area for the processing unit 100 .

Storage unit 170 includes a temporary storage area and a storage. A storage is a hard disk, an optical disk, a flash memory, a magnetic tape, or the like, and refers to a device that permanently stores data. The storage unit 170 may also store programs and data stored in the information storage medium 180 .

The storage unit 170 of this embodiment includes a main storage unit 171, a user information storage unit 172, and a query information storage unit 173, which are used as work areas. In addition, it is good also as a structure which abbreviate|omits some of these.

The main storage unit 171 can be implemented by a RAM or the like. The main storage unit 171 is a storage area used in the processing of this embodiment.

The user information storage unit 172 stores user information (user accounts, passwords, e-mail addresses, etc.). The user information storage unit 172 may be configured by a DB (DB is an abbreviation for database, the same shall apply hereinafter).

The inquiry information storage unit 173 stores inquiry information (URL). Note that the inquiry information storage unit 173 may be configured by a DB.

The information storage medium 180 (computer-readable medium) stores programs and data, and its functions include optical discs (CD, DVD), magneto-optical discs (MO), magnetic discs, hard disks, and magnetic tapes. , or a storage such as a memory (ROM).

The communication unit 196 performs various controls for communicating with the outside (for example, terminals, other servers, and other network systems), and its function is implemented by hardware such as various processors or communication ASICs. or by a program.

The processing unit 100 performs various processes of this embodiment based on programs (data) stored in the storage unit 170 or the information storage medium 180 .

The processing unit 100 (processor) performs various processes using the main storage unit 171 in the storage unit 170 as a work area. The functions of the processing unit 100 can be realized by hardware such as various processors (CPU, DSP, etc.) and programs.

The processing unit 100 includes a user control unit 111 , an authentication processing unit 112 , a query information generation unit 113 , a presentation unit 114 , a relay processing unit 115 and a web processing unit 120 .

The user control unit 111 manages user information of users. Further, the user control unit 111 may determine whether or not each user can access each item of inquiry information (each URL) based on the user information of the user.

The authentication processing unit 112 determines permission or rejection of authentication of the user when access is received from the terminal of the user.

The inquiry information generation unit 113 generates unique inquiry information (for example, URL) accessible to the on-premises server 30 based on the information of the on-premises server 30 .

For example, if there are a plurality of on-premises servers 30 , the inquiry information generation unit 113 may generate different inquiry information for each on-premises server 30 . Further, when there are a plurality of services, the inquiry information generation unit 113 may generate different inquiry information for each service.

The presentation unit 114 presents the inquiry information to the user's terminal 20 when the user's authentication is permitted.

The relay processing unit 115 relays communication between the user terminal 20 whose authentication is permitted and the on-premises server 30 .

The web processing unit 120 transmits (provides) data such as HTML (Hyper Text Markup Language) documents and images in response to requests from client software such as a web browser installed in the terminal 20 via HTTP (Hypertext Transfer Protocol). ), and the processing of receiving the data accepted by the web browser of the terminal. Then, the server performs mail processing, DB update processing, and the like based on the information received from each terminal of the administrator or user.

The web processing unit 120 performs processing for transmitting (providing) data for management settings to the administrator's terminal 20 in response to an access request from the web browser of the administrator's terminal 20. A process of receiving information may be performed.

In other words, the web processing unit 120 may add, delete, update, etc. each data to the DB based on the input from the administrator. Only the administrator is authorized to access the Web page (URL) for the administrator.

The web processing unit 120 also performs a login process and a process of controlling a web page of information related to the logged-in user to be browseable in response to a request from the web browser of the terminal 20 .

Part or all of the processing of the processing unit 100 and the storage unit 170 may be executed by one device, or may be distributed to different devices according to the purpose of the processing so that each processing is executed. may

[3] Description of Agent As shown in FIG. 3, an agent program is installed in a given device on the on-premise side that exists within the on-premise network (LAN). In other words, the on-premise device in which the agent program is installed can be rephrased as an agent (agent device).

For example, the on-premise device may be the on-premise server 30 (server 30A or server 30B) or, although not shown, a terminal 20X connected to the on-premise server 30 (server 30A or server 30B). The terminal 20X is an information processing device that exists within the same network environment (within the LAN) as the on-premises server 30 .

The agent stores "on-premise server 30 information" including the IP address, host name, and service information (each port number) of the on-premise server 30 in advance in the storage unit of the agent.

Here, "service" indicates a service for the TCP/IP network protocol. Also, "service" may be interpreted as a port number for identifying a service.

For example, when an agent is installed on the on-premises server 30, the storage unit of the on-premises server 30 stores "information on the on-premises server 30". Also, when an agent is installed in the terminal 20X, the "information on the on-premise server 30" is stored in the storage unit of the terminal 20X.

An agent may manage multiple on-premises servers 30 (eg, server 30A and server 30B). Also, an agent may manage only one on-premises server 30 (for example, server 30A). In such a case, there will be one agent corresponding to one on-premises server 30 .

Also, the agent may manage multiple services of the on-premises server 30 (for example, service SA and service SB). Also, the agent may manage only one service (for example, service SA) of the on-premises server 30 . In such case, there will be one agent corresponding to one service.

In addition, the agent controls activation (validation) and termination (invalidation) of services of the on-premise server 30 managed by the agent. For example, the agent can control to start or stop the service of the on-premises server 30 based on information input by the administrator of the access control system.

[4] Description of Generating Inquiry Information Based on the information of the on-premise server 30 , the relay server 10 generates unique inquiry information accessible to the on-premise server 30 .

The inquiry information is a global URL disclosed by the relay server 10 to authenticated users. For example, it is a URL for accessing a network within an organization (for example, inside the company) from a user's terminal 20 existing outside (outside the organization, outside the company) such as on the Internet.

Here, the “inquiry information” can be, for example, a URL for uniquely specifying a web page on the Internet using a protocol such as HTTP (Hyper Text Transfer Protocol) or HTTPS (Hyper Text Transfer Protocol Secure). Note that the inquiry information may be information about a server capable of transmitting and receiving data using another communication protocol such as FTP (File Transfer Protocol). For example, if the inquiry information is a URL, the inquiry information is generated according to a predetermined URL format.

When the agent activates the service, it establishes a TCP connection (for example, Long-Lived TCP Connection) to the relay server 10 and transmits query information generation request information to the relay server 10 . Then, the relay server 10 generates inquiry information corresponding to the service of the server managed by the agent at the timing of receiving inquiry information generation request information from the agent. Note that the connection may also be called a tunnel.

For example, when the agent activates the service SA of the on-premises server 30A (for example, a Web service on port 80), a TCP connection is established between the service SA and the relay server 10, and the service SA is sent to the relay server 10. Send the request information to generate inquiry information. Then, at the timing when the relay server 10 receives inquiry information generation request information from the agent, the inquiry information L1 (for example, "https://example1.com.hennge.io/") corresponding to the service SA is sent to Generate. This connection and the inquiry information L1 have a corresponding relationship.

Specifically, relay server 10 executes an application program, which is a tunneling tool, to generate a URL. This application program performs a process of exposing the service running on the local environment to the outside so that it can be accessed from the Internet.

For example, the relay server 10, based on the information of the service SA of the on-premises server 30A stored in the agent (for example, the host name of the on-premises server 30A, the IP address, the port number "80" of the service SA, etc.), The application program is executed to obtain a publicly available URL (for example, "https://xxxx.xxxx.io/"). The acquired URL may be used as the inquiry information itself, but in this embodiment, the domain of the acquired URL is transferred to the domain of the relay server 10 by setting the DNS (domain name server) based on the information input by the administrator. Let the changed URL (for example, "https://example1.com.hennge.io/") be inquiry information L1.

Also, when the agent activates the service SB of the on-premises server 30A, the service SC, and the service SD of the on-premises server 30B, the relay server 10 responds to each service in the same way as when the service SA is activated. Generates query information to

That is, when the agent activates the service SB of the on-premises server 30A (for example, the HTTPS service of port 443), a TCP connection is established between the service SB and the relay server 10, and the service SB is sent to the relay server 10. Send the request information to generate inquiry information. Then, at the timing when the relay server 10 receives inquiry information generation request information from the agent, the inquiry information L2 (for example, "https://example2.com.hennge.io/") corresponding to the service SB is sent to Generate. Based on the information of the service SB of the on-premises server 30A stored in the agent (for example, the host name and IP address of the on-premises server 30A, the port number of the service SB "443", etc.), the relay server 10 Generate inquiry information L2.

Also, when the agent activates the service SC (for example, a web service on port 80) of the on-premises server 30B, a TCP connection is established between the service SC and the relay server 10, and the service SB is sent to the relay server 10. Send the request information to generate inquiry information. Then, at the timing when the relay server 10 receives inquiry information generation request information from the agent, the inquiry information L3 (for example, "https://example3.com.hennge.io/") corresponding to the service SC is sent to the relay server 10. Generate. Based on the information of the service SC of the on-premises server 30B stored in the agent (for example, the host name, IP address of the on-premises server 30B, port number "80" of the service SC, etc.), the relay server 10 Generate inquiry information L3.

Also, when the agent activates the service SD of the on-premise server 30B (for example, the HTTPS service of port 443), a TCP connection is established between the service SD and the relay server 10, and the service SD is sent to the relay server 10. Send the request information to generate inquiry information. Then, at the timing when the relay server 10 receives inquiry information generation request information from the agent, the inquiry information L4 (for example, "https://example4.com.hennge.io/") corresponding to the service SD is sent to Generate. Based on the information of the service SD of the on-premises server 30B stored in the agent (for example, the host name, IP address of the on-premises server 30B, port number "443" of the service SD, etc.), the relay server 10 Generate inquiry information L4.

That is, when there are a plurality of on-premises servers 30 , the relay server 10 generates different inquiry information for each on-premises server 30 . As a result, in this embodiment, it is possible to perform detailed access control for each on-premises server.

Also, when there are a plurality of services, the relay server 10 generates different query information for each service. In other words, in this embodiment, access control can be performed in detail on a service-by-service basis (port-by-port basis).

[5] Description of User Information The relay server 10 manages user information of users. In particular, the relay server 10 of this embodiment determines whether or not each user can access each piece of inquiry information (each URL) based on the user information of the user.

For example, the relay server 10 may determine whether or not each piece of inquiry information is accessible based on various types of information (host name and service of the server) of the on-premises server 30 corresponding to each piece of inquiry information. The user information also includes information on attributes to which the user belongs (group name, department name, position, etc.). The relay server 10 may determine whether or not each item of inquiry information is accessible based on the attributes of the user.

For example, as shown in FIG. 4, an access enable/disable flag for each piece of inquiry information is set in association with the user ID of each user. "1" is set when accessible, and "0" is set when inaccessible (access prohibited). Relay server 10 may store in inquiry information storage unit 173 an access permission/prohibition flag for each piece of inquiry information associated with a user ID for each user.

For example, user A (user ID=A) can access query information L1, L2, and L3. User B (user ID=B) can access only inquiry information L2. Also, user C (user ID=C) can access inquiry information L1, L3, and L4. User D (user ID=D) can access only inquiry information L4.

Thus, in this embodiment, each user can access the on-premise server 30
can decide. Further, in the present embodiment, services that can be accessed by the on-premise server 30 can be determined for each user. In this way, it is possible to disclose the minimum necessary information to the users who need it. In addition, network traffic related to services can be minimized.

Note that the relay server 10 may manage user information for each organization (for example, each company, each group, each school, each department).

[6] Description of Authentication Processing Upon receiving access from a user, the relay server 10 determines whether or not to allow user authentication. In this embodiment, it is determined that user authentication is permitted when at least one of the following methods (A) to (H) is determined to be valid for the user. On the other hand, when it is determined that neither method is valid, it is determined that user authentication is to be refused.

Since multi-factor authentication can improve security, it is determined that at least two of the multiple methods (A) to (H) (for example, (A) and (B)) are valid. If so, it may be determined that the user's authentication is permitted.

(A) Password Authentication Various authentication methods are conceivable. For example, an account (user ID) and password are defined in advance for each user, the user inputs the account and password, and the terminal 20 of the user transmits the account and password to the relay server 10 . The relay server 10 determines that the user is valid when the user's account and password received from the user's terminal 20 match the user's account and password registered in the relay server 10.例文帳に追加

Also, the password may be a one-time password that is effective only once. For example, a one-time password generation program that generates a one-time password having the same algorithm as that of the relay server 10 is installed in the terminal 20 in advance, and authentication is performed using the one-time password. For example, the one-time password generation program installed on the terminal 20 and the one-time password generation program installed on the relay server 10 have the same algorithm and seed number. This means that the password and the password generated by the relay server 10 match. For example, the one-time password generation program performs a process of generating a one-time password based on the time and seed number at predetermined intervals (for example, every 30 seconds).

(B) External Authentication When receiving access from a user, the relay server 10 entrusts authentication of the user on an external authentication server (authentication authority).

For example, the relay server 10 determines user authentication by an external authentication server (authentication authority), and determines legitimacy of the user based on information received from the authentication server. If the information received from the authentication server includes user information (e.g., e-mail address), and if the user information matches the user information managed by the relay server 10, it is determined that the user is legitimate.

In this embodiment, the user needs to register user information (for example, account and password) corresponding to the destination user in advance in the external authentication server.

Further, there may be multiple types of authentication servers such as Google (registered trademark), Amazon (registered trademark), and Facebook (registered trademark), and an instruction to select one authentication server may be received from the user. Then, the relay server 10 entrusts authentication to the selected authentication server.

(C) Biometric Authentication For example, biometric information (face, fingerprint, vein) for each user is registered in the relay server 10 in advance, and the user inputs the biometric information, transmits it to the relay server 10, and receives it from the user's terminal 20. If the user's biometric information matches the user's biometric information registered in the relay server 10, it is determined that the user is legitimate.

(D) Authentication using second terminal (smartphone, etc.) For example, the relay server 10 registers in advance the terminal identification information of the second terminal in association with the user's account using a given method. Then, the user's legitimacy may be determined using the terminal identification information of the second terminal.

(E) Phone number authentication For example, the relay server 10 may register the user's phone number using a given method, and use the user's phone number to determine the user's legitimacy.

(F) SSL Client Certificate The relay server 10 determines whether or not the SSL (Secure Socket Layer) client certificate sent from the terminal 20 is valid, and if the SSL client certificate is valid, the user It may be determined that there is legitimacy.

(G) Processing for user authentication without using a password The relay server 10 may execute processing for user authentication without using a password (public key-based user authentication processing). For example, the relay server 10 may use FIDO (registered trademark) or FIDO2 authentication processing to determine whether or not the user is legitimate. For example, FIDO2 is composed of CTAP (Client To Authenticator Protocol) and WebAuthn (Web Authentication API), and allows user authentication via the Web browser of terminal 20 .

(H) Other User Authentication Process The relay server 10 may use various authentication processes other than those described above to determine whether or not the user is legitimate.

[7] Description of presentation of inquiry information Relay server 10 presents inquiry information to user's terminal 20 when user authentication is permitted. Here, "presentation" means notification and display by a web page. Also, “presentation” may mean that the relay server 10 enables presentation on the terminal 20 of the user.

"Presentation" means that the relay server 10 sends to the terminal 20 an electronic mail (mail magazine or the like) that is sent and received by SMTP, or that the relay server 10 sends an email using a given protocol, not limited to SMTP. , push notification (displaying a message window in a part of the terminal (smartphone) screen (such as the top)), and presenting a predetermined screen of a predetermined application (banner display screen, notification screen, pop-up screen, etc.) (control to display and allow viewing).

In addition, the relay server 10 may send information to the requested terminal 20 in response to a request from the terminal 20 of the user as one mode of "presentation".

Then, when the on-premises server 30 receives access from the terminal 20 of the user whose authentication is permitted by the inquiry information via the relay server, the on-premises server 30 transmits the information indicated in the inquiry information via the relay server 10. Presented on the terminal 20 of the user.

For example, taking User A as an example, when the relay server 10 accepts access from the terminal 20A of User A, first, an authentication screen is presented. Then, when the authentication of user A is permitted, as shown in FIG. 5, the relay server 10 displays a screen Sc1 (inquiry information list screen) presenting inquiry information accessible to user A on the terminal 20A of user A. present.

For example, as shown in FIG. 4, User A has access to query information L1, L2, L3. Therefore, as shown in FIG. 5, inquiry information L1, L2, and L3 are presented on the on-premises information screen Sc1. Incidentally, as shown in FIG. 5, the relay server 10 may present the information of the on-premises server corresponding to each of the inquiry information L1, L2, and L3. Although the inquiry information displayed on the screen Sc1 is displayed in a URL format for convenience of explanation, a link (hyperlink) to the inquiry information may be displayed.

When user A wants to access service SA of on-premises server 30A, user A can easily access service SA of on-premises server 30A with one click on inquiry information L1. For example, when relay server 10 receives access to inquiry information L1 from user A's terminal 20A, relay server 10 receives information corresponding to inquiry information L1 (for example, information on the web page of inquiry information L1) from on-premises server 30A. , to the user terminal 20 .

[8] Description of Relay Processing Next, the relay processing performed by the relay server 10 will be specifically described with reference to FIG. For example, as shown in FIG. 3, service SA and service SB of on-premises server 30A and service SC and service SD of on-premises server 30B are activated by agents corresponding to the services, and send TCP to relay server 10. Suppose the connection is stretched.

For example, an example in which the relay server 10 relays communication between the user A's terminal 20A and the service SA of the on-premises server 30A will be described.

First, when the relay server 10 accepts access to the inquiry information L1 from the terminal 20A of the user A, the relay server 10 determines whether or not the authentication of the user A is permitted. In addition, if the relay server 10 is within a predetermined period of time from when the authentication of user A is permitted (for example, within a period of 10 minutes from the time of permitting authentication of user A), the relay server 10 performs the process of determining whether or not the authentication of user A is permitted. may be omitted.

Also, when relay server 10 receives inquiry information "https://example1.com.hennge.io/" from terminal 20A, the protocol specified by the inquiry information (for example, URL) from terminal 20A. This means that access to the web server "example1.com.hennge.io" of the relay server 10 has been accepted through (for example, the HTTPS protocol).

Then, when the authentication of user A is permitted, the relay server 10 can determine that the access to the inquiry information L1 is the access to the service SA of the on-premises server 30A. to relay communication between service SA and terminal 20A.

The agent corresponding to the service SA determines that the information transmitted through the connection is the service SA (port 80) of the on-premises server 30, and transmits (conveys) it to the service SA (port 80). will do.

As a result, the terminal 20A can access the on-premises server 30A from the outside via the relay server 10. FIG.

The relay server 10 relays communication between the terminal 20 of the user whose authentication is permitted and the service SA only while the agent is activating the service SA. That is, when the service SA is stopped, the relay server 10 cannot communicate between the terminal 20 of the user whose authentication is permitted and the service SA.

Also, the agent can manage a plurality of services, and establishes a connection with the relay server 10 for each service. Therefore, for example, when an agent manages service SA and service SB, relay server 10 receives service SA corresponding to inquiry information L1 when an authenticated terminal 20A accesses inquiry information L1. connection. Also, when the terminal 20A for which authentication is permitted accesses the inquiry information L2, the relay server 10 uses the connection of the service SB corresponding to the inquiry information L2.

Then, the agent determines which service (which port) of the on-premise server 30A the information transmitted from the terminal 20A via the relay server 10 reaches. For example, when the received information is the information transmitted through the service SA connection, the agent transmits the information to the service SA (port number 80) of the on-premises server 30A, and the received information is transmitted through the service SB connection. If it is the transmitted information, the information is transmitted to the service SB (port 443) of the server 30A.

As described above, in this embodiment, the terminal 20A does not directly access the on-premise server 30A without going through the relay server 10, so a safe network environment can be realized. In addition, in this embodiment, permission of user authentication is a condition for accessing the on-premises server, so unauthorized access can be prevented.

Further, in this embodiment, when the terminal 20 communicates with the on-premise server 30 via the relay server 10, data may be encrypted using SSL or TLS.

[9] Flowchart The processing flow of the relay server of this embodiment will be described with reference to FIG. For convenience of explanation, the processing for user A will be explained. First, based on the information of the on-premises server 30, inquiry information that can be accessed with respect to the on-premises server 30 is generated (step S1).

Then, it is determined whether or not access has been received from terminal 20A of user A (step S2). When access is accepted from the terminal 20A of the user A (Y in step S2), it is determined whether or not to permit the authentication of the user A (permission/denial) (step S3).

If the authentication of user A is permitted (Y of step S3), the inquiry information is presented to user A's terminal 20A (step S4). On the other hand, if the authentication of user A is not permitted (rejected) (N in step S3), the process ends.

Then, it is determined whether or not access to the inquiry information has been received from the terminal 20A of the user A (step S5). When access to the inquiry information is received from the terminal 20A of user A (Y in step S5), communication between the terminal 20A of user A and the on-premises server 30 is relayed (step S6). For example, the relay server 10 receives information from the terminal 20A, transmits it to the on-premises server 30, receives information according to the inquiry information from the on-premises server 30, and transmits it to the terminal 20A. The process ends here.

[10] Authentication of on-premise device After permitting user authentication, the relay server 10 may further delegate authentication to an on-premise device (for example, an agent). In other words, the relay server 10 may perform control so that communication between the terminal 20 and the on-premises server 30 becomes possible when the authentication by the on-premises device is finally permitted.

[11] Cloud services and single sign-on In addition, the relay server 10 is an information processing device capable of performing secure access and authentication to a given cloud service for terminals 20 connected via the Internet for communication. may be Cloud services include various services such as Microsoft 365 (registered trademark), Google (registered trademark), Slack (registered trademark), and Zoom (registered trademark). Then, the relay server 10 controls so as to be able to provide the cloud service to the user for whom user authentication is permitted.

For example, the relay server 10 may be controlled by SAML (Security Assertion Markup Language) so that users can collectively use multiple cloud services with single sign-on.

[12] Others The present invention is not limited to those described in the above embodiments, and various modifications are possible. For example, a term cited as a broad definition or a synonymous term in the description in the specification or drawings can be replaced with a broad definition or a synonymous term in other descriptions in the specification or drawings.

10 servers, 20 terminals, 30 on-premise servers,
100 processing unit 111 user control unit 112 authentication processing unit 113 inquiry information generation unit 114 presentation unit 115 relay processing unit 120 web processing unit 170 storage unit 171 main storage unit 172 user information storage unit 173 inquiry information storage unit, 180 information storage medium, 196 communication unit

Claims (5)

A relay server in which a user's terminal and an on-premise server are connected via the Internet, and each of the terminal and the on-premise server is connected via the Internet,
a query information generation unit that generates unique query information accessible to the on-premises server based on the information of the on-premises server;
a user control unit that manages user information of a user;
an authentication processing unit that determines whether or not to allow authentication of the user when access is received from the user's terminal;
a presentation unit that presents the inquiry information to the terminal of the user when the authentication of the user is permitted;
a relay processing unit that relays communication between the authenticated user terminal and the on-premises server;
A relay server characterized by comprising: In claim 1,
The inquiry information generation unit
A relay server characterized by generating different inquiry information for each on-premises server. In claim 1 or 2,
The inquiry information generation unit
A relay server characterized by generating different inquiry information for each service. In any one of claims 1 to 3,
The user control unit
For each user, based on the user's user information, determine whether the user can access each inquiry information,
The presentation unit
A relay server that presents, for each user, inquiry information that can be accessed by the user on a terminal of the user. An access control system in which a user terminal, an on-premise server, and a relay server are connected via the Internet,
The relay server
a query information generation unit that generates unique query information accessible to the on-premises server based on the information of the on-premises server;
a user control unit that manages user information of a user;
an authentication processing unit that determines whether or not to allow authentication of the user when access is received from the user's terminal;
a presentation unit that presents the inquiry information to the terminal of the user when the authentication of the user is permitted;
a terminal of the user whose authentication is permitted, and a relay processing unit that relays communication with the on-premise server;
The on-premise server is
When access by the inquiry information is accepted from the terminal of the authenticated user via the relay server, the information indicated in the inquiry information is sent to the terminal of the user via the relay server. An access control system characterized by:

Images