JP4991406B2 - Information processing apparatus, information processing method, and program - Google Patents

Description

  The present invention relates to an information processing apparatus, an information processing method, and a program including a copying machine, a printing machine, a facsimile machine, a multifunction machine, and a computer.

Conventionally, the number of user identification failures when receiving access from the outside is counted for each address of the access request source, and for the access from the request source that satisfies the predetermined condition There has been an information processing apparatus (see, for example, Patent Document 1) that prevents leakage of a password by preventing a response from being returned.
JP 2006-79359 A

However, in the information processing apparatus as described above, it is possible to prevent password leakage due to password cracking, which is an attack for analyzing and finding another person's password, but sending a large amount of data or illegal packets to the information processing apparatus service. There was a problem that it was not possible to deal with DoS attacks that hindered provision.
The present invention has been made in view of the above points, and an object of the present invention is to prevent both the leakage of a password and the suspension of services due to unauthorized excessive access.

In order to achieve the above object, the present invention provides the following information processing apparatus, information processing method, and program.
(1) An authentication means for receiving an access request from a user and authentication information of the user by communication, and authenticating the user of the access request source based on the received authentication information, and authentication by the authentication means A determination unit that determines, based on the result, a user whose authentication success count is equal to or greater than a threshold value within a predetermined time and a user whose authentication failure count is equal to or greater than a threshold value within a predetermined time; An information processing apparatus comprising control means for controlling to reject an access request from a user determined by.
(2) In the information processing apparatus as described above, in the control for rejecting the access request, the information processing is performed such that authentication by the authentication unit is performed and the requested process is not performed regardless of the authentication result. apparatus.

(3) In the information processing apparatus as described above, even if a predetermined elapsed time has elapsed since the start of refusal of an access request for a user whose successful authentication has exceeded the threshold value within a predetermined time, When there is no authentication success, the access request rejection is canceled, and for a user whose authentication failure count exceeds the threshold value within a predetermined time, a predetermined elapsed time has elapsed since the start of the access request rejection. An information processing apparatus provided with means for canceling rejection of an access request when there is no new authentication failure.
(4) An information processing apparatus provided with means for changing the predetermined time or the threshold value in the information processing apparatus as described above.
(5) In the information processing apparatus as described above, the number of successes and the number of failures are represented by a predetermined time associated with the number of successful authentications and a predetermined time associated with the number of failed operations. Starts refusing access requests for users who have exceeded the threshold within a predetermined time and users whose authentication failure count has exceeded the threshold within the predetermined time. An information processing apparatus provided with means for setting a predetermined elapsed time from a different value.

(6) An authentication step of receiving an access request from a user and authentication information of the user by communication, and authenticating the user of the access request source based on the received authentication information, and authentication by the authentication step Based on the result, a determination step of determining a user whose authentication success count is equal to or greater than a threshold value within a predetermined time and a user whose authentication failure count is equal to or greater than a threshold value within a predetermined time, and the determination step An information processing method comprising: a control step of controlling to reject an access request from a user determined by.

(7) In the information processing method as described above, even if a predetermined elapsed time has elapsed since the start of refusal of an access request for a user whose successful authentication has exceeded the threshold value within a predetermined time, When there is no authentication success, the access request rejection is canceled, and for a user whose authentication failure count exceeds the threshold value within a predetermined time, a predetermined elapsed time has elapsed since the start of the access request rejection. An information processing method provided with a step of canceling denial of an access request when there is no new authentication failure.

(8) An authentication procedure for receiving an access request from a user and authentication information of the user by communication and authenticating the access requesting user based on the received authentication information, and the authentication A determination procedure for determining, based on the authentication result of the procedure, a user whose authentication success count is equal to or greater than a threshold value within a predetermined time and a user whose authentication failure count is equal to or greater than a threshold value within a predetermined time; A program for executing a control procedure for controlling to reject an access request from a user determined by the determination procedure.

The information processing apparatus and the information processing method according to the present invention can prevent both a leakage of a password and a service stop due to unauthorized excessive access.
In addition, the program according to the present invention can cause a computer to realize a function for preventing both a leakage of a password and a service stop due to unauthorized excessive access.

Hereinafter, the best mode for carrying out the present invention will be specifically described with reference to the drawings.
〔Example〕
FIG. 1 is a block diagram showing a configuration of a network including an information processing apparatus according to an embodiment of the present invention.
This network includes an information processing apparatus 1 capable of exchanging data with each other by wired or wireless communication and a plurality of host computers 2 to 4. Although many other information processing apparatuses and host computers are connected to this network, they are not shown in the figure.

The information processing apparatus 1 is an image processing apparatus including a copying machine, a printing machine, a multifunction peripheral, an image forming apparatus, a personal computer, various computers including a workstation, and a network device including a router, and includes a CPU, a ROM, and a RAM. SNMP processing unit 10, authentication unit 11, threat determination unit 12, management table storage unit 13, access control unit 14, network interface (I / F) unit 15, wireless local area network interface (LAN Each functional unit including an (I / F) unit 16 is provided.
Here, the network I / F unit and the wireless LAN / I / F unit may be plural or not plural, and may be operated simultaneously or separately.

The SNMP processing unit 10 performs processing for acquiring information of each of the host computers 2 to 4 by SNMP.
Based on the packet passed from the access control unit 14, the authentication unit 11 performs a process of authenticating the user of the access request source that transmitted the packet, and returns the authentication result to the access control unit 14.
The threat determination unit 12 receives the authentication result and information included in the packet passed from the access control unit 14, and registers the management table in the management table 13 and updates the management table based on the authentication result and the information. Based on the information in the updated management table, for each access source host computer, a determination is made as to whether a DoS attack or a password crack attack is under threat or during monitoring, and the determination result is returned to the access control unit 14.

The management table storage unit 13 stores information such as information for identifying an access source host computer in the management table, information indicating a threatening state or a monitoring state for each host computer, and information such as the last access time from each host computer. sign up.
The access control unit 14 accepts a packet received by the network I / F unit 15 or the wireless LAN / I / F unit 16 based on the determination result returned from the threat determination unit 12 and permits an access request in response. Or whether to discard the packet and reject the access request without responding.
The network I / F unit 15 performs data communication with the host computers 2 and 3 connected by wire, and sends packets transmitted from the host computers 2 and 3 to the access control unit 14.
The wireless LAN / I / F unit 16 communicates data with the host computer 4 wirelessly and sends a packet transmitted from the host computer 4 to the access control unit 14.

  Each of the host computers 2 to 4 includes a microcomputer composed of a CPU, a ROM, and a RAM. The host computers 2 to 4 have various functional units realized by the microcomputer and authenticate the user when accessing the information processing apparatus 1. Send a packet containing information for.

FIG. 2 is an explanatory diagram illustrating an example of data registered in the DoS management table among the management tables stored in the management table storage unit 13.
The DoS management table is a table for managing a DoS (denial of service) attack. The DoS attack is performed by the information processing apparatus 1 serving a legitimate user when the attacker accesses the information processing apparatus 1 in large quantities. When the threat determination unit 12 returns the determination result of the DoS attack threat state to the access control unit 14 based on the information of the DoS management table, the access control unit 14 The access request from the access source host computer is rejected.

In this DoS management table, host name, status, counter value, and time information are registered.
The host name is the host name of each host computer that has made an access request.
The state is information on a state determined by the information processing apparatus for the host computer of each host name, and is in a state in which a packet from the host computer is determined to be in a DoS attack threat or in a state in which a DoS attack is being monitored. It is the information which shows.
The counter value is the number of accesses for each host computer since the DoS attack is being monitored.
As the time, the monitoring start time at which the DoS attack check is started for each host computer or the threat end time indicating the end time of the DoS attack threat for each host computer is registered.

Note that the information in the remarks column in the figure indicates the description of the monitoring start time and the threat end time, and is not registered in the DoS management table.
Further, instead of the host name, the IP address of the host computer may be used, and any information may be used as long as the information can identify the host computer that has accessed.
Further, in the DoS management table, the above information about a host computer that is neither threatened nor monitored by a DoS attack is not registered and managed.

FIG. 3 is an explanatory diagram showing an example of data registered in the password crack management table in the management table stored in the management table storage unit 13.
The password crack management table is a table that manages password cracking attacks. The password cracking attack is correct by allowing a large number of passwords to be used by an attacker who does not know the password. When the threat determination unit 12 returns a determination result regarding the threat of the password cracking attack to the access control unit 14 based on the information in the password crack management table, the access control unit 14 determines the access source host. Deny access requests from computers.

In this way, when authentication is performed using a large number of passwords, a large number of authentication failures occur. Therefore, an access request from an access source in which a large number of authentication failures occurred is regarded as a password cracking attack and the access request is rejected. .
Similar to the DoS management table, host name, status, counter value, and time information are registered in this password crack management table.

The host name is the host name of each host computer that has made an access request.
The status is information on the status determined by the information processing device for the host computer of each host name, and the access request from the host computer is in the state of being in the threat of password cracking attack or in the state of being monitored for password cracking attack. It is information indicating whether or not there is.
The counter value is the number of accesses for each host computer since the password cracking attack is being monitored.
As the time, a monitoring start time at which a check for a password crack attack is started for each host computer or a threat end time indicating an end time of a state in the threat of a password crack attack for each host computer is registered.

Note that the information in the remarks column in the figure indicates the description of the monitoring start time and the threat end time, and is not registered in the password crack management table.
Further, instead of the host name, the IP address of the host computer may be used, and any information may be used as long as the information can identify the host computer that has accessed.
Further, in the password crack management table, the above information about host computers that are neither threatened nor monitored by password crack attacks is not registered and managed.

Instead of the host information for specifying the host computer including the host name, it is possible to use connected interface information.
In this way, access from the entire network can be managed uniformly.

FIG. 4 is an explanatory diagram illustrating examples of default values of the number of times of determination, monitoring time, and threat time used when the threat determination unit 12 determines whether a DoS attack and a password crack attack are threatening or being monitored.
The threat determination unit 12 holds default values preset for the number of determinations, the monitoring time, and the threat time in a table format as shown in FIG.
The number of determinations Cd in (a) in the figure is a counter value corresponding to a threshold value that is determined to be a DoS attack threat, and the monitoring time Td1 indicates whether the number of successful authentications per unit time is equal to or greater than the above threshold value. The threat time Td2 is a predetermined elapsed time in which the lock for rejecting the access request is continued after it is determined that the DoS attack is threatened. (A) of the figure shows, as an example of default values, the number of determinations Cd: 300 times, the monitoring time Td1: 1 second, and the threat time Td2: 1 minute.

In addition, the number of determinations Cp in (b) of FIG. 6 is a counter value corresponding to a threshold value that is determined to be a threat of password cracking attack, and the monitoring time Tp1 indicates that the number of authentication failures per unit time exceeds the above threshold value. The threat crack time Tp2 is a predetermined elapsed time in which the lock for rejecting the access request is continued after it is determined that the password crack attack is being threatened. (B) of the figure shows, as an example of default values, a fixed number of times Cp: 100 times, a monitoring time Tp1: 5 seconds, and a threat time Tp2: 1 minute.
The default values of the number of successes, the number of failures, the predetermined time, and the predetermined elapsed time can be arbitrarily set by an administrator of the information processing apparatus 1 by direct operation from an operation unit (not shown) or by remote operation from an external device. Can be changed to a value.
That is, by the operation input from the operation unit by the user or the remote operation input from an external device, the number of successes and the number of failures are changed to a predetermined time related to the number of successful authentications and a predetermined time related to the number of failures. For a user whose authentication success count exceeds a threshold value within a predetermined time, a predetermined elapsed time since the start of refusal of an access request and a use where the authentication failure count exceeds a threshold value within a predetermined time The predetermined elapsed time from the start of refusal of the access request for the user can be set to a different value.

  In addition, by setting the monitoring time to an infinite value, it is possible to take all count values after startup, and in this way, it is possible to detect access that can be a threat that is distributed over a long period of time. it can.

FIG. 5 is a sequence diagram illustrating processing between the units when the information processing apparatus 1 illustrated in FIG. 1 receives a packet.
In step (indicated by “S” in the figure) 1, either the network I / F unit 15 or the wireless LAN / I / F unit 16 (hereinafter collectively referred to as “I / F units 15 and 16”) is selected via the network. When the access request packet is received from the host computer, the I / F units 15 and 16 send the received packet to the access control unit 14 in step 2.
In step 3, the access control unit 14 sends the authentication information (various information including host information, user ID, and password) in the packet to the authentication unit 11. In step 4, the authentication unit 11 receives the information from the access control unit 14. The access source host computer is authenticated based on the authentication information, and the authentication result is sent to the access control unit 14 in step 5. Since this authentication process is publicly known, detailed description thereof is omitted.

In step 6, the access control unit 14 sends the authentication result received from the authentication unit 11 and the host information (including the host name) read from the packet to the threat determination unit 12. In step 7, the threat determination unit 12 Based on the authentication result and host information received from the access control unit 14, an instruction to update the management table (DoS management table and password crack management table) in the management table storage unit 13 is issued. In step 8, the management table storage unit 13 Updates the management table based on an instruction from the threat determination unit 12.
Thus, even when a normal packet comes, it is registered in the management table.
In step 9, the threat judgment unit 12 refers to the updated management table in the management table storage unit 13 and judges a threat based on the content (whether the host computer being accessed is in a threat state or in a monitoring state). In step 11, the threat determination result is sent to the access control unit 14.

In step 12, based on the threat determination result received from the threat determination unit 12, the access control unit 14 determines that the access request from the host computer that is the access source is denied if the threat is in a state of being monitored, If so, it is determined whether to permit the access request of the access source host computer.
When the access control unit 14 determines to permit the access request, the access control unit 14 makes an SNMP processing request to the SNMP processing unit 10 in step 13, the SNMP processing unit 10 creates a response packet in step 14, and the access is performed in step 15. A response packet is sent to the control unit 14, and in step 16, the access control unit 14 instructs the I / F units 15 and 16 to send the response packet and return it to the host computer of the access source. The / F units 15 and 16 return the response packet to the access source host computer. In this way, the access request of the access source host computer is permitted.

On the other hand, if it is determined in step 12 that the access control unit 14 determines that the access request from the access source host computer is rejected, in step 18, the received packet is discarded and the response packet is not returned.
In this way, the access request of the access source host computer is rejected.

FIG. 6 is a flowchart showing processing of the access control unit 14 of the information processing apparatus 1 shown in FIG.
In step 21, when a packet is input from the I / F unit, the authentication information is output to the authentication unit in step 22, the authentication result is input from the authentication unit, and the authentication result and host information (host name) are input to the threat determination unit in step 23. ) And the threat determination result is input from the threat determination unit.
In step 24, it is determined whether or not the threat is in threat based on the threat determination result input from the threat determination unit. If the threat determination result is in the monitoring state, it is determined that monitoring is in progress. In step 25, the SNMP processing is performed on the SNMP processing unit. Request, input a response packet from the SNMP processing unit, instruct to output and return the response packet to the I / F unit in step 26, and terminate this process.

On the other hand, if the threat determination result is in the threat state at step 24, it is determined that the threat is in progress, the packet is discarded in step 27, the response packet is not returned, and this process is terminated.
In this way, the access request is rejected without returning a response packet based on the processing results of the authentication unit and the threat determination unit if the threat is in a state.
In this denial of access request, authentication by the authentication unit is continued, but control is performed so that the processing requested by the user is not performed regardless of the authentication result.
If it is a legitimate packet, of course, processing for returning a response packet is performed, and an access request is permitted.

FIG. 7 is a flowchart showing processing of the threat determination unit 12 of the information processing apparatus 1 shown in FIG.
When the authentication result and host information for the access source host computer are input from the access control unit in step 31, the management table in the management table storage unit is updated in step 32.
As a result, for the entry being monitored in the DoS management table and the password crack management table, the time in the entry is compared with the current time. If there is information corresponding to one column storing the status, counter value, and time), the information is deleted from the management table.

In step 33, it is determined whether the authentication result is success or failure. If successful, the process proceeds to step 34, and an entry corresponding to the host name of the access source is searched from the updated DoS management table of the management table storage unit. In step 35, it is determined whether or not there is a corresponding entry. If there is a corresponding entry, the counter value cd in the entry is incremented by 1 in step 36, and in step 37 the counter value cd is set for DoS attack. It is determined whether or not the number of times of determination Cd (300 times) or more. If the counter value cd is equal to or more than the number of times of determination Cd, the state sd in the entry is updated to threat in step 38, and the time td is threat for current time + DoS attack The time Td2 (1 minute) is updated, and the process proceeds to Step 40.
If it is determined in step 37 that the counter value cd is not equal to or greater than the determination number Cd, the process proceeds to step 40 as it is.

If it is determined in step 35 that there is no corresponding entry, it is additionally registered as a new entry in the DoS management table in step 39, and the host name of the access source host computer is monitored in the status sd as the host name of the entry. , +1 is registered in the counter value cd, and the current time is registered in the time td.
In step 40, the state sd of the entry is referred again, and the process proceeds to step 41.

If it is determined in step 33 that the authentication result is unsuccessful, the process proceeds to step 43, where an entry corresponding to the host name of the access source is searched from the updated password crack management table of the management table storage unit. In step 45, the value of the counter value cp in the entry is incremented by 1. In step 46, the counter value cp is determined as the number of times Cp (determining the number of password crack attacks. If the counter value cp is equal to or greater than the fixed number of times Cp, the state sp in the entry is updated to threat in step 47, and the time tp is set to the current time + the threat time Tp2 for password crack attack Update to the time of (1 minute) and go to step 49.
If it is determined in step 46 that the counter value cp is not equal to or greater than the determination count Cp, the process proceeds to step 49 as it is.

If it is determined in step 44 that there is no corresponding entry, it is additionally registered in the password crack management table as a new entry in step 48, and the host name of the access source host computer is monitored in the state sp in the host name of the entry. In the middle, the counter value cp is registered with +1 and the current time is registered with the time tp.
In step 49, the state sp of the entry is referred to again, and the process proceeds to step 41.

In step 41, it is determined whether the state sd of the entry is threatening or the state sp is threatening. If the state sd is threatening or the state sp is threatening, the process proceeds to step 42, and if the state sd is threatening. If the status sp is in threat for the host name of the entry in the DoS management table, the threat determination result in threat is output to the access control unit for the host name of the entry in the password crack management table, and the process is terminated.
If neither state sd nor state sp is in threat (if both are being monitored), the process proceeds to step 50. If state sd is being monitored, if state sp is being monitored for the host name of the entry in the DoS management table. For each host name of the entry in the password crack management table, the threat determination result being monitored is output to the access control unit, and this process ends.

In this way, if the authentication result is successful, a process related to the DoS attack is performed, and if it is unsuccessful, a process related to the password crack attack is performed.
As a basic process, if there is no entry in the management table, a new entry is added. If there is an entry in the management table, a counter value is added, and if the counter value is equal to or greater than the fixed count, the state is changed to threat.
Here, the state of the DoS attack and the state of the password crack attack are independent from each other. However, if either the DoS attack or the password crack attack is in threat, the threat to the access control unit 14 is The result of threat is returned as the judgment result.

FIG. 8 is a flowchart showing detailed processing of the management table update processing of FIG.
In the update process of the management table, the threat determination unit 12 refers to one entry from the top of the DoS management table in step 51, and determines in step 52 whether or not the status sd in the entry is being monitored. In step 53, it is determined whether or not the current time t-time in the entry td> the monitoring time Td1 for DoS attack. If the current time t-time td> the monitoring time Td1, if not, the process proceeds to step 55 as it is. If t-time td> monitoring time Td1, the process proceeds to step 54, the entry is deleted from the DoS management table, and the process proceeds to step 55.

If it is determined in step 52 that the status sd in the entry is not being monitored, it is determined in step 56 whether or not the current time t> the time td in the entry. Proceeding to step 55, if the current time t> time td, the entry is deleted from the DoS management table at step 54, and the process proceeds to step 55.
In step 55, it is determined whether or not all the entries in the DoS management table have been checked as described above. If there is an entry that has not been checked, the process returns to step 51 and the above processing is repeated. When the check is completed for all the entries, the process proceeds to step 57.

In step 57, one entry is referenced from the head of the password crack management table. In step 58, it is determined whether or not the status sp in the entry is being monitored. If so, the current time t-the time in the entry is determined in step 59. It is determined whether or not tp> monitoring time Tp1 for password crack attack. If current time t-time tp> monitoring time Tp1, the process proceeds to step 61, and if current time t-time tp> monitoring time Tp1, step is performed. Proceed to 60, delete the entry from the password crack management table, and proceed to step 61.
If it is determined in step 58 that the state sp in the entry is not being monitored, it is determined in step 62 whether or not the current time t> the time tp in the entry. Proceeding to step 61, if current time t> time tp, the entry is deleted from the password crack management table in step 60, and the process proceeds to step 61.

In step 61, it is determined whether or not all the entries in the password crack management table have been checked as described above. If there is an entry that has not been checked, the process returns to step 57 and the above processing is repeated. When the check is completed for all entries in the management table, this process is terminated.
In this way, update processing is performed on all entries in the DoS management table and the password crack management table. If the status is being monitored, the time since monitoring has started exceeds the monitoring time. If the status is not being monitored and the current time has passed the time recorded in the management table, the entry is deleted.

FIG. 9 is an explanatory diagram of the threat time and the extension of the threat time.
For example, when the information processing apparatus 1 is processing an access request from the host computer 2, if the authentication is successful for the first access request, the DoS attack is monitored, and the state sd is being monitored for the monitoring time Td1 (1 second). When the access request and the authentication success are 300 times or more during the monitoring time, the state sd is changed to the threat and the DoS attack is assumed, and the response is received by discarding the packet from the time of the access request. Without the request, the access request from the host computer 2 is rejected.
When the state sd is threatened, the time td is set to the time obtained by adding the threat time Td2 from that time, and the threat time Td2 is added from that time every time there is a new authentication success by the set time. Reset the time to extend the threat time.
If there is no new authentication success at the set time td, the threat in the state sd is canceled and the rejection of the access request from the host computer 2 is canceled.

Next, when authentication fails for the access request from the host computer 2, the password cracking attack is monitored, the state sp is monitored during the monitoring time Tp1 (5 seconds), and the access request and authentication succeed during that monitoring time. When the number of times exceeds 100, the status sp is changed to a threat and a password crack attack is assumed, and the access request from the host computer 2 is rejected without reading the packet and responding from the time of the access request. To do.
When the state sp is threatened, the time tp is set to the time obtained by adding the threat time Tp2 from that time, and the threat time Tp2 is added from that time every time there is a new authentication failure by the set time. Reset the time to extend the threat time.
If there is no new authentication success even at the set time tp, the threat in the state sp is canceled and the rejection of the access request from the host computer 2 is canceled.

As described above, the DoS attack and the password crack attack are independent from each other, and after being determined to be a DoS attack first, even if accessed as a DoS attack threat, the authentication result is a failed packet. Although it is processed by the access control unit as an authentication failure, an authentication failure and a packet are returned.
However, if the authentication failure continues and the threshold value is exceeded, it is naturally determined that it is a threat, packet processing is not performed, and an authentication failure packet is not returned.

In this way, it is possible to detect an access that can be a threat of a DoS attack and a password crack attack on the information processing apparatus, and to safely deny the access.
In addition, the lock function that rejects access requests for DoS attacks and password crack attacks is released after a certain period of time, and the effective period of the lock functions is extended independently during the DoS attack and password crack attack threats. By making it possible, it is possible to prevent unnecessary restrictions on the threats of DoS attacks and password crack attacks, and to efficiently prevent threats.

In the DoS management table and password crack management table, the host information is used to manage entries by host name regardless of the user name, so that it can handle general access methods other than login name and password. can do.
Further, since access from the host computer during the threat of the DoS attack and password crack attack is rejected, only the access with the threat can be rejected without hindering access from the authorized user.
The information processing apparatus of this embodiment can improve security for a regular user to use safely in a network used by an unspecified number of users.
In the above embodiment, monitoring, threat determination, and access request rejection are described for each host computer. However, monitoring, threat determination, and access request are performed for each interface including a network interface and a wireless local area network interface. You may make it refuse. In that case, a DoS management table and a password crack management table may be provided and managed in the same manner as described above for each interface type.

  The information processing apparatus and information processing method according to the present invention can be applied to all apparatuses including a copying machine, a printing machine, a facsimile machine, a multifunction machine, and a computer.

It is a block diagram which shows the structure of the network containing the information processing apparatus which is one Example of this invention. It is explanatory drawing which shows the example of data registered into the DoS management table among the management tables stored in the management table memory | storage part shown in FIG. It is explanatory drawing which shows the example of data registered into the password crack management table among the management tables stored in the management table memory | storage part shown in FIG. It is explanatory drawing which shows an example of the default value of the fixed number of times, monitoring time, and threat time used when the threat determination part shown in FIG. 1 determines during the threat of DoS attack and a password crack attack, and monitoring.

It is a sequence diagram which shows the process between each part when the packet in the information processing apparatus shown in FIG. 1 is received. It is a flowchart figure which shows the process of the access control part of the information processing apparatus shown in FIG. It is a flowchart figure which shows the process of the threat determination part of the information processing apparatus shown in FIG. FIG. 8 is a flowchart showing a detailed process of a management table update process shown in FIG. 7. It is explanatory drawing of extension of threat time and threat time.

Explanation of symbols

1: Information processing device 2-4: Host computer 10: SNMP processing unit 11: Authentication unit 12: Threat determination unit 13: Management table storage unit 14: Access control unit 15: Network I / F unit 16: Wireless LAN / I / Part F

Claims (8)

An authentication means for receiving an access request from a user and authentication information of the user by communication, and authenticating the user of the access request source based on the received authentication information;
Determination means for determining, based on an authentication result by the authentication means, a user whose authentication success count is equal to or greater than a threshold value within a predetermined time and a user whose authentication failure count is equal to or greater than a threshold value within a predetermined time When,
An information processing apparatus comprising: control means for controlling to reject an access request from a user determined by the determination means.   The information processing apparatus according to claim 1, wherein in the control for rejecting the access request, authentication is performed by the authentication unit, and control is performed so that the requested process is not performed regardless of the authentication result.   For users whose authentication success count has exceeded the threshold value within a predetermined time, if a new authentication has not succeeded even after the elapse of a predetermined time since the start of the access request rejection, the access request is rejected. If the number of authentication failures exceeds a threshold value within a predetermined time, and there is no new authentication failure after the elapse of a predetermined time since the start of refusal of the access request, the access request 3. An information processing apparatus according to claim 1, further comprising means for canceling the refusal.   4. The information processing apparatus according to claim 1, further comprising means for changing the predetermined time or the threshold value.   An access request for the number of successes and the number of failures, a predetermined time related to the number of successful authentications and a predetermined time related to the number of failed times for a user whose success number of authentications exceeds a threshold value within a predetermined time The predetermined elapsed time since the start of refusal and the predetermined elapsed time after the start of refusal of an access request for a user whose authentication failure count exceeds a threshold value within the predetermined time are set to different values. 5. The information processing apparatus according to claim 1, further comprising a setting unit.   An authentication step of receiving an access request from a user and authentication information of the user by communication, authenticating the user of the access request source based on the received authentication information, and an authentication result by the authentication step A determination step for determining a user whose authentication success count is equal to or greater than a threshold value within a predetermined time and a user whose authentication failure count is equal to or greater than a threshold value within a predetermined time, and the determination step. An information processing method comprising: a control step of controlling to reject an access request from a user.   For users whose authentication success count has exceeded the threshold value within a predetermined time, if a new authentication has not succeeded even after the elapse of a predetermined time since the start of the access request rejection, the access request is rejected. If the number of authentication failures exceeds a threshold value within a predetermined time, and there is no new authentication failure after the elapse of a predetermined time since the start of refusal of the access request, the access request The information processing method according to claim 6, further comprising a step of canceling the refusal.   An authentication procedure for receiving an access request from a user and authentication information of the user by communication to the computer, and authenticating the user of the access request source based on the received authentication information, and authentication by the authentication procedure A determination procedure for determining a user whose authentication success count is equal to or greater than a threshold value within a predetermined time and a user whose authentication failure count is equal to or greater than a threshold value within a predetermined time based on the result; And a control procedure for executing control so as to reject the access request from the user determined by.

Images