JP5078425B2 - Access authority management apparatus, access authority management method, and program - Google Patents

Description

The present invention relates to a technique for managing access authority to an access restricted object whose access is restricted.
The access restriction object is, for example, an entry restriction area where access (entrance) is restricted by an entrance management device such as a lock door or an entrance gate, and computerized information (data access restricted by a data access management device). Access restriction data).

In recent years, with the frequent occurrence of information leakage accidents, security awareness has increased, and access control according to the authority of the user has been implemented in various situations such as unlocking doors and accessing electronic files.
For example, Patent Literature 1 discloses a technique for performing access control in accordance with a user's authority for digitized information, manages the status of the digitized information to be accessed, and the user for each status of the digitized information. It is described that access authority according to the type of application is applied.
As a result, the access authority changes according to the change in the state of the digitized file, so the access authority according to the situation at the time of access is applied by dynamically changing the state according to the change in the situation. Is possible.
JP 2006-107112 A

As shown in Patent Document 1 above, the method of managing the access target (for example, digitized information) state and changing the access authority by changing the access target state according to the situation is the same authority. It is possible to apply uniform access rights to users who have
However, it is not possible to give access authority only to users who have the same authority but satisfy a specific condition, such as a user who has taken a specific procedure and a user who has accessed through a specific route.
For example, according to the prior art, an unlocked applicant can access an electronic file only during a pre-applied time period, and unlocking is permitted for users who have passed a specific route in a specific order. There is a problem that access control such as enabling is not possible.
The best example is anti-passback that does not allow users who do not have entry records to leave.
That is, the state of the door to be accessed (in other words, the state of the entrance restricted area at the end of the door) does not change, and the user's behavior is not reflected in the access control. Passback cannot be realized.

  The present invention has one of the main purposes to solve such a problem, rather than managing the status of the access target, managing the status of the user, changing the status according to the status, One of the main objectives is to change the access authority to the access target according to the state to apply the access authority that is optimal for the situation at the time of access.

The access authority management device according to the present invention is:
An access authority management device that manages the access authority of the user to the access restriction object based on the state of the user who uses the access restriction object to which access is restricted,
A transition destination determination unit that determines a state transition destination according to the state transition condition of the generated state transition event each time a state transition event that matches any state transition condition occurs for the user;
The current state of the user is managed, and every time the transition destination of the user is determined by the transition destination determination unit, the transition destination determination unit determines from the current state of the user It is determined whether or not the state transition to the transition destination matches the state transition order specified for the user, and the use is performed when the state transition matches the state transition order. A state management unit that changes the current state of the person to the transition destination state determined by the transition destination determination unit;
And an access authority determining unit that determines an access authority of the user to the access restricted object according to a current state of the user managed by the state management unit.

  According to the present invention, since the access authority to the access restriction object is determined for each user based on the state of the user, not the state of the access restriction object, the user situation such as the access route to the access restriction object It is possible to apply access authority that conforms to.

Embodiment 1 FIG.
FIG. 1 is a diagram showing a system configuration example according to the present embodiment, and shows an entrance / exit management system 100 that performs door unlocking control.
In other words, in the present embodiment, the entrance restricted area where entry is restricted by the locked door 13 (entrance / exit management device) is taken as an example of an access restricted object, and the locked door 13 is unlocked to enter the restricted entry area. An example of managing the access authority of the user to the restricted access area based on the state of the user who tries to enter the site will be described.

In FIG. 1, reference numeral 1 denotes a state information storage unit for storing user state information.
The state information is, for example, information shown in FIG. 5 and indicates the state of the user for each user (user ID). Details of the state information will be described later with reference to FIG.
A state chart information storage unit 2 stores state chart information.
The state chart information is, for example, information shown in FIG. 2 and information indicating the state transition order of the user. Details of the state chart information will be described later with reference to FIG.

A state management unit 3 controls the transition order of the state information using the state chart information and provides the state change request unit 10 and the access authority change request unit 5 with the change of the state information.
The state management unit 3 is an example of a state management unit.

Reference numeral 4 denotes an access authority change rule storage unit that stores an access authority change rule.
The access authority change rule is, for example, information shown in FIG. 3, and indicates an access authority to an entrance restricted area (an area at the end of each door) for each user state. Details of the access authority change rule will be described later with reference to FIG.
The access authority change rule is an example of an access authority application rule, and the access authority change rule storage unit 4 is an example of an access authority application rule storage unit.

Reference numeral 5 denotes an access authority change request unit that makes an access authority change request to the access authority change execution unit 6 on the condition that the state information provided by the state management unit 3 changes in accordance with the access authority change rule.
The access authority change request unit 5 is an example of an access authority determination unit.

  An access authority execution unit 6 changes access authority information in response to a request from the access authority change request unit 5.

7 is a context information collection unit that provides the collected context information to the state change request unit 10.
The context information is dynamic information such as time, temperature, door opening / closing record, user authentication record, user pass record, and the like.

A static information collection unit 8 provides the collected static information to the state change request unit 10.
Static information is static information such as user information (such as a user ID) and organization information (such as a department to which the user belongs).

A state change rule storage unit 9 stores state change rules.
The state change rule is, for example, information illustrated in FIG. 4 and indicates a state transition destination for each state change condition (state transition condition). Details of the state change rule will be described later with reference to FIG.
The state change rule is an example of a transition destination determination rule, and the state change rule storage unit 9 is an example of a transition destination determination rule storage unit.

10 is a state change requesting the state management unit 3 to change the state information of the user when the information provided from the context information collection unit 7 and the static information collection unit 8 satisfies the condition according to the state change rule. It is a request part.
Note that the state change request unit 10 may not use the static information from the static information collection unit 8. That is, when the context information from the context information collection unit 7 satisfies the condition, the state change request unit 10 requests the state management unit 3 to change the user state information without considering the static information. It is also possible.
The state change request unit 10 is an example of a transition destination determination unit.

  An access authority storage unit 11 stores access control information used by the entrance / exit control unit 12 for unlocking management of the door 13.

Reference numeral 12 denotes an entrance / exit control unit that controls the unlocking of the door 13 using the access control information.
The entrance / exit control unit 12 is an example of a control device.

13 is a door which the entrance / exit control part 12 manages unlocking.
The door 13 is an example of an entrance / exit management device.
An area where entrance is restricted by the locking of the door 13 is an entrance restricted area.

  In FIG. 1, a range 101 surrounded by a broken line corresponds to an access authority management device.

  In the present embodiment, the state change request unit 10 generates a state transition event every time a state transition event that matches any of the state change conditions (state transition conditions) shown in FIG. The change destination state (state transition destination) is determined according to the state change condition. In the present embodiment, the state transition event corresponds to an entrance restriction release event in which the entrance restriction is released at any door 13 (the door 13 is unlocked) for a certain user, and the state change request unit 10 Determines the state to be changed according to the door 13 for which the entrance restriction is released.

  Further, the state management unit 3 manages the current state of the user using the state information stored in the state information storage unit 1, and the state change request unit 10 determines the change destination state for the user. Each time, the state change requesting unit 10 determines from the current state of the user by referring to the statechart information stored in the statechart storage unit 2 (statechart information specified by the user). It is determined whether the state transition to the destination state matches the state transition order indicated in the state chart information, and the state transition to the destination state matches the state transition order of the state chart information. If it is, the current state of the user is changed to the state of the transition destination determined by the state change request unit 10.

The access authority change request unit 5 refers to the access authority change rule stored in the access authority change rule storage unit 4 and determines the user's current state managed by the state management unit 3 according to the current state of the user. The authority to access the restricted entry area, in other words, whether to release the restricted entry by the door 13 for the user (whether to unlock the door) is determined for each door 13.
For example, when the state management unit 3 changes the user's current state to the transition destination state, the access authority change request unit 5 accesses the user's entrance restricted area based on the changed state. New authority is determined.

  On the other hand, when the state change request unit 10 determines the change destination state for the user, the state management unit 3 changes the current state of the user to the change destination state determined by the state change request unit 10. If the state transition does not match the state transition order indicated in the state chart information, the current state of the user is not changed. Therefore, in this case, the access authority change request unit 5 does not change the current state of the user. Maintain access rights for.

  Then, the access authority determined by the access authority change request unit 5 is notified to the entrance / exit control unit 12 via the access authority change execution unit 6 and the access authority storage unit 11, and the entrance / exit control unit 12 is connected to each door 13. Are controlled to enter the restricted entry area of the user (unlock the door 13) or restrict entry to the restricted entry area (lock the door 13).

Next, FIG. 2 shows an example of state chart information.
In this example, the state chart information is composed of state types that can be set and arrows indicating states that can be transitioned from each state.
For example, in the state chart information of category 1, it is possible to transition from state A to state B, but not transition to state C or state D. In addition, the state B can transition to the state A and the state C, but cannot transition to the state D. Transition from state C to state A and state D is possible, but transition to state B is not possible. Further, although it is possible to transition from state D to state A, it is not possible to transition to state B or state C.
Thus, the state chart information indicates the order of state transition.
FIG. 2 shows an example in which there are two types of state chart information of category 1 and category 2.
Category 1 and category 2 can be classified according to, for example, the user's department, job title, or function. For example, it is possible to apply a category 1 state chart to users belonging to the sales department, and a category 2 state chart to users belonging to departments other than the sales department. Further, for example, it is possible to apply the category 1 statechart information to users having positions higher than the section manager, and apply the category 2 statechart information to users below the section manager.

Next, FIG. 3 shows an example of the access authority change rule.
The access authority change rule indicates the access authority change contents for the access authority change condition.
The access authority changing condition is a state after state transition for a certain user.
For example, when it is determined that the state after the state transition of a certain user is the state A (corresponding to if (“state A”)), the user is permitted to pass through the door 1 ( As a result, the door 1 is allowed to enter the area beyond the door 1. On the other hand, the passage of doors 2 to 0 is prohibited (the doors 2 to 0 are locked), and entry to the area beyond the doors 2 to 0 is prohibited.
When it is determined that the state after the state transition of a certain user is the state B (corresponding to if (“state B”)), the user is permitted to pass through the door 2 ( As a result, the door 2 is permitted to enter the area beyond the door 2. On the other hand, passage is prohibited for door 1 and door 3 to door 0 (the locking of door 1, door 3 to door 0 is maintained), and access to the area ahead of door 1, door 3 to door 0 is performed. Admission is prohibited.
The same applies to the state C and the state D.

FIG. 4 shows an example of the state change rule.
The state change rule indicates a state transition destination (change destination state) for each state change condition.
For example, when a certain user passes through the door 1 (corresponds to if (“door 1 passing”)), the state transition destination of the user is determined to be the state B.
Further, when a certain user passes through the door 2 (corresponding to if (“passing through the door 2”)), the transition destination of the state of the user is determined to be the state C.
The same applies to the doors 3 and 0.

FIG. 5 shows an example of state information.
The state information indicates, for each user, a category applied to the user (a category of state chart information) and a current state.
In the example of FIG. 5, the state chart information of category 1 is applied to the user with the user ID: 001, and the current state is state A.

FIG. 6 shows an example of context information.
The context information indicates the event type and event occurrence time for each user.
In the example of FIG. 6, an event that the user with the user ID: 001 has passed through the door 1 is shown, and the occurrence time of the event is 10:00 on April 10, 2007. It is shown.
The context information is collected by the context information collection unit 7 and notified to the state change request unit 10.
In the present embodiment, when the user passes through each door, the card reader disposed near the door inputs a user ID to an input device (not shown) disposed near the door. A biometric information input device (not shown) arranged in the vicinity of the door that holds a user ID over the ID card (not shown) and causes the card reader to read the user ID. The context information collection unit 7 obtains the user ID provided by the user in this way, and generates context information.

FIG. 7 shows an example of static information.
The static information indicates the department to which the user belongs and the title of the user for each user.
In the example of FIG. 7, it is indicated that the user with the user ID: 001 belongs to the sales section 1 and the title is the section manager.
As described above, it is possible to classify the classification of the state chart information according to the department, position, function, etc. indicated in the static information.
Static information is collected by the static information collection unit 8. For example, the static information collection unit 8 may acquire static information of a corresponding user from an employee database.

  Hereinafter, an outline of the operation of the access authority management apparatus 101 according to the present embodiment will be described with reference to FIG. 8. First, state information such as a user ID, which is a premise of the processing of FIG. 8 (FIG. 5). Describes the registration.

In the present embodiment, it is assumed that the user always reaches the other door after passing through the door 0, and when passing through the door 0, the user enters the user ID in the input device arranged in the vicinity of the door 0. Or by holding the ID card in which the user ID is recorded against the card reader arranged in the vicinity of the door 0 and causing the card reader to read the user ID.
Then, the context information collecting unit 7 generates the context information that notifies the user ID input in this way and the passage of the user's door 0, and sends the context information (FIG. 6) to the state change request unit 10. Output.
The state change request unit 10 obtains context information and requests static information for the user ID indicated in the context information from the static information collection unit 8. The state change request unit 10 collects static information. Static information (FIG. 7) for the user ID is acquired from the unit 8.
Further, the state change request unit 10 refers to the state change rule (FIG. 4) stored in the state change rule storage unit 9, and matches the “door 0 passage” event indicated in the context information. Based on the state change condition (if (“door 0 passing”)), the change destination state: state A is determined as the current state of the user.
Then, the state change request unit 10 notifies the state management unit 3 of the state A determined from the user ID indicated in the context information, the affiliation, the title, and the state change rule indicated in the static information.
The state management unit 3 determines the classification of the state chart information to be applied to the user from the affiliation and post of the user notified by the state change request unit 10, and state information in the state information storage unit 1 (FIG. 5). ) Is registered with the user ID, category, and state (state A) of the user.
The registration process of the user ID, category, and state in the state information is an example, and may be a procedure different from the above.

Next, the overall flow of the method for managing the access authority of the user when the user ID, category, and state are registered in the state information will be described with reference to FIG.
The state change request unit 10 is waiting for input of context information (ST11), and when the context information collection unit 7 generates an event at the door 13, that is, a door unlocking event by the user, the user User ID, event type (passage of door 1, etc.), event occurrence time, etc. are collected as context information and output to the state change request unit 10 in the form shown in FIG. Enter information. At this time, the state change request unit 10 may also input the static information of the user from the static information collection unit 8.
Next, the state change request unit 10 compares the content of the context information with the state change rule (FIG. 4) (ST12) (transition destination determination step), and the event content indicated in the context information in the state change rule It is determined whether or not a matching state change condition is described (ST13) (transition destination determination step). For example, if the event “passing door 1” is indicated in the context information, it is determined whether a state change condition matching “passing door 1” is described.

In the state change rule, when the state change condition that matches the event content indicated in the context information is not described (No in ST13), the state change request unit 10 does nothing with the context information. Then, the process returns to ST11. Further, the state change request unit 10 may perform predetermined error processing.
On the other hand, in the state change rule, when the state change condition that matches the event content indicated in the context information is described (Yes in ST13), the state change request unit 10 sets the transition destination corresponding to the state change condition. A state (change destination state) is determined (ST14) (transition destination determination step).
In addition, the state change request unit 10 notifies the state management unit 3 of the determined transition destination state (change destination state) and the user ID, and requests a change of the state information.

The state management unit 3 that has received the notification of the transition destination state (change destination state) and the user ID from the state change request unit 10 indicates the current state of the user and the transition notified from the state change request unit 10. The previous state (change-destination state) is compared with the state chart information (FIG. 2) (ST15) (state management step).
Specifically, the state management unit 3 extracts a record in which the same user ID as the user ID notified from the state change request unit 10 is described from the state information (FIG. 5), and the user ID And the state chart information corresponding to the acquired classification is acquired, and the transition destination state (change destination state) notified from the state change request unit 10 is acquired. State) and state chart information are compared.
Then, the state management unit 3 determines whether or not the state transition from the current state to the transition destination state matches the state transition order indicated in the state chart information (ST16) (state management step).

If the state transition from the current state to the transition destination state does not match the state transition order indicated in the state chart information (No in ST16), the state management unit 3 does nothing and performs the process to ST11. return. Alternatively, the state management unit 3 may perform predetermined error processing.
On the other hand, if the state transition from the current state to the transition destination state does not match the state transition order indicated in the state chart information (Yes in ST16), the state of the state information (current state) is changed to the state. The state is changed to the transition destination notified from the request unit 10 (ST17) (state management step).
Then, the state management unit 3 notifies the access authority change request unit 5 of the changed state and the user ID.

The access authority change request unit 5 compares the changed state notified from the state management unit 3 with the access authority change rule (FIG. 3) (ST18) (access authority determination step).
Then, the access authority change request unit 5 determines whether or not an access authority change condition that matches the changed state is described in the access authority change rule (ST19) (access authority determination step).

When the access authority change condition that matches the changed state is not described in the access authority change rule (No in ST19), the access authority change request unit 5 does nothing and returns the process to ST11. Alternatively, the access authority change request unit 5 may perform predetermined error processing.
On the other hand, when an access authority change condition that matches the state after the change is described in the access authority change rule (Yes in ST19), the access authority change request unit 5 accesses the access authority corresponding to the access authority change condition. The contents of the change, that is, the new access authority for the entry restricted area of the user is determined (ST20) (access authority determination step).
Then, the access authority change request unit 5 determines the access authority change that has been determined, that is, the new access authority for the user's entrance restricted area and the user ID of the user (the user ID notified from the state management unit 3). ) Is notified to the access authority change execution unit 6 (ST21).
Thereafter, the access authority change execution unit 6 stores the new access authority in the access authority storage unit 11 to update the access authority of the user, and the entrance / exit control unit 12 performs each access authority according to the access authority of the access authority storage unit 11. Restrict entrance at the door.

Next, operation examples of the state change request unit 10, the state management unit 3, and the access authority change request unit 5 will be described with reference to FIGS.
FIG. 9 shows a processing flow (access authority determination step) of the access authority change request unit.
FIG. 10 shows a processing flow (transition destination determination step) of the state change request unit.
FIG. 11 shows a processing flow (state management step) of the state management unit.

In FIG. 10, the state change request unit 10 acquires the current context information and static information from the context information collection unit 7 and the static information collection unit 8, and checks whether there is a state change rule whose contents satisfy the condition. (ST201, ST202, ST203).
At this time, the current state information provided from the state management unit 3 may also be used for the condition check.
If there is a state change rule that satisfies the condition, the state management unit 3 is requested to change the state information in accordance with the content (ST204, ST205).

In FIG. 11, the state management unit 3 receives a state information change request from the state change request unit 10, and checks whether the transition is permitted by the state chart information (ST301, ST302, ST303).
A plurality of statechart information may be used in accordance with the type of user and the management unit.
When the transition is permitted, the state information stored in the state information storage unit 1 is changed, and the change contents are notified to the access authority change request unit 5 (ST304, ST305, ST306).

In FIG. 9, the access authority change request unit 5 receives the state information change notification from the state management unit 3 and checks whether there is an access authority change rule that satisfies the change content (ST101, ST102, ST103).
If there is an access authority change rule that satisfies the conditions, the access authority change execution unit 6 is requested to change the access authority in accordance with the content (ST104, ST105).

In accordance with the change request from the access authority change request unit 5, the access authority change execution unit 6 sets the access authority information stored in the access authority storage unit 11 and has the authority to unlock the door 13. Manipulate the list.
The entrance / exit control unit 12 controls the unlocking of the door 13 using the access authority information changed by the access authority change execution unit 6 stored in the access authority storage unit 11.
In this way, it is possible to add a function for dynamically changing access authority information used for door unlock control in accordance with current information to the entrance / exit management system.

As described above, in the present embodiment, the state information of the user is changed according to the current information, and the access authority of the user is changed according to the changed state information. On the other hand, it is possible to perform door unlocking control using an access right optimal for the current information (situation).
For this reason, in the entrance / exit management system 100 according to the present embodiment, the following four effects can be obtained.

As a first effect, by controlling the order of transition of state information, in order to transition to specific state information, it is possible to allow the user to perform processing in a specific procedure. Therefore, it is possible to prove the access history and access process of the user.
When the state chart information of FIG. 2 and the state change rule of FIG. 4 are used, in order to transition to the state information of “state D” on the “category 1” state chart of FIG. , “Door 1 pass”, “Door 2 pass”, “Door 3 pass” must be processed in this order, so when “State D” is reached, “Door 1 pass”, “Door 2 pass”, It can be proved that the processing is performed in the order of “passing through door 3”.
Therefore, it is not necessary to set the past process as the access control condition.
As a result, the past context information and static information used in the past to use the past history are no longer necessary in this embodiment, and only the current information (situation) is used to determine the past user history. It is possible to implement the access control used.

  As a second effect, since the state information is managed for each user and the access authority is applied, it becomes possible to provide different access authorities to users of the same role depending on the circumstances so far. Accordingly, it is possible to cope with the anti-passback that has been a problem in Patent Document 1.

As a third effect, it is possible to perform different access control depending on the applied state chart information without changing the state change rule and the access authority change rule.
When the state chart information of FIG. 2, the access authority change rule of FIG. 3, and the state change rule of FIG. 4 are used, the user to whom the “chart 1” state chart information of FIG. When processing is performed in the order of “passing through door 2” and “passing through door 3”, the state information becomes “state D”, the access authority to “door 4” becomes “permitted”, and “door 4” can be unlocked. Become. However, in the case of a user to whom the state chart information of “Category 2” is applied, even if the same processing is performed, the transition to “State D” is not permitted on the state chart. The access authority remains “prohibited”.
In this way, by applying different state chart information, it is possible to change the transition of the state information and change the access procedure and the access authority to be applied.
Further, in Patent Document 1, uniform access control is performed for each role, but in the present embodiment, by changing the statechart information to be applied for each user role, access is made for each role. It is possible to change the access authority for each user according to the progress of the procedure.

As a fourth effect, the state management unit 3 provides the state change request unit 10 with state information of all the users to be managed, so that access control is performed on the condition of the state information of other users. Is possible.
For example, when a specific user unlocks, all users can unlock, and only when a specific user has unlocked, other users can unlock. It becomes possible.
In Patent Document 1, only the state of the access target is used as an access control condition, but in this embodiment, access control involving the status of other users is possible.

Embodiment 2. FIG.
FIG. 12 is a diagram showing a system configuration example according to the present embodiment, and shows an access control system 200 that performs access control to computerized information.
In other words, the present embodiment uses digitized information (access restricted data) whose data access is restricted as an example of an access restricted object, and based on the status of the user attempting data access to the digitized information, An example in which the user's access authority to the computerized information is managed will be described.

  In FIG. 12, a state information storage unit 1, a state chart storage unit 2, a state management unit 3, an access authority change rule storage unit 4, an access authority change request unit 5, an access authority change execution unit 6, a context information collection unit 7, The target information collection unit 8, the state change rule storage unit 9, and the state change request unit 10 are the same as those in FIG. Similarly to FIG. 1, the range indicated by the broken line 101 is an example of the access authority management apparatus.

In FIG. 12, reference numeral 11 denotes an access authority storage unit that stores access authority information used by the access control unit 14 for user access control to the computerized information stored in the computerized information storage unit 15.
Reference numeral 14 denotes an access control unit that controls user access to the computerized information stored in the computerized information storage unit 15 using the access control information. The access control unit 14 is an example of a data access management device.
Reference numeral 15 denotes an electronic information storage unit that stores electronic information for which the access control unit 14 performs access control.

FIG. 13 shows an example of state chart information used in the access control system 200 according to the present embodiment.
FIG. 14 shows an example of an access authority change rule used in the access control system 200 according to the present embodiment.
FIG. 15 shows an example of a state change rule used in the access control system 200 according to this embodiment.
In the example shown in FIGS. 13 to 15, for a user whose validity flag is true, read authority to group A digitized information and read / write authority to group B digitized information after 10:00 are given. For users who have been automatically applied and have performed fingerprint authentication, write authority to group A is added, and access authority of all users is revoked after 17:00.

Next, the operation will be described.
The operation principle of the access control system 200 according to the present embodiment is the same as that described in the flowcharts shown in FIGS. Hereinafter, the operation of the access control system 200 according to the present embodiment will be described in accordance with the examples shown in FIGS.
First, when the state change request unit 10 detects that the time has reached 10 o'clock by inputting context information notifying the fact from the context information collection unit 7 at 10 o'clock, the valid flag is set to use true. A request to make the state information transition to “state B”, the state management unit 3 confirms the suitability of the state transition by referring to the state chart information, executes the change to “state B”, and has access authority. The change request unit 5 is notified of the change to “state B”.
The access authority change request unit 5 accesses so as to apply the read authority to the digitized information of group A and the read and write authorities to the digitized information of group B, which are the access authorities of “state B”. Requested to the authority change execution unit 6, the access authority change execution unit 6 changes the access authority information stored in the access authority storage unit 11.
As a result, when 10 o'clock has passed, a new access authority is applied to the user whose user flag is true.

Further, when the user succeeds in the fingerprint authentication, the state change request unit 10 detects the change by inputting the context information notifying the fact from the context information collection unit 7, and the state change request unit 10 changes the state information. When requested, the state management unit 3 executes the change to “state C”, and notifies the access authority change request unit 5 of the change to “state C”, so that the corresponding user is digitized. A write right to the information is newly added.
Further, when 17:00 has elapsed, the state change request unit 10 requests all users to change the state information to “state A”. Access to the digitized information of group B and the digitized information of group B is prohibited.

  Here, the state information of the user before 10:00 or the user flag whose user flag is not “true” is “state A”. However, even if the fingerprint authentication is successful at this time, “state A” in the state chart information Since the transition from “to state C” is not permitted, access to the digitized information of group A and the digitized information of group B remains prohibited.

Moreover, the actual conditions for applying the write authority to the digitized information of group A are as follows:
if (“user”. “valid flag” == true &&“time”> = “10 o'clock” && “time” <“17:00” && “fingerprint authentication successful”)
However, when the state information is “state B” by the restriction of the transition order of the state information by the state chart information and the dynamic request execution by the time check of the state change request unit 10, “user”. “Valid flag” == true &&“time”> = “10 o'clock” && “time” <“17:00”
Therefore, it is only necessary to define “successful fingerprint authentication” as the condition for changing to “state C”, and the condition setting can be simplified.

  As described above, according to the present embodiment, dynamic information such as the user's history and time and static information such as user registration information are considered for the user who accesses the computerized information. Therefore, it is possible to apply the access authority that is most suitable for the accessed situation.

In the first and second embodiments described above, the state chart information including the following means is used to manage the user's state and control the transition order thereof, and to change the access authority in accordance with the change in the state. The access authority setting system to perform was explained.
A state information storage unit for storing state information, which is information defining the user's state;
A statechart information storage unit that stores statechart information, which is information that defines the states that can be taken by the user and their transition order;
A state management unit that controls the transition order of the user's state information using the state chart information and updates the change of the state information stored in the state information storage unit;
As a rule to change the access authority, the user authority information stored in the state information storage unit is included in the condition, and the access authority change rule that specifies the access authority change content in the process to be executed when the condition is satisfied. Stored access authority change rule storage,
An access authority change request for making an access authority change request to the access authority change request part on the condition of the user state information provided by the state management part according to the access authority change rule stored in the access authority change rule storage part Part,
An access authority change execution unit that changes access authority information in response to a request from the access authority change request unit.

In addition to the above-mentioned means, the following means are provided to manage the user's state and control the transition order using statechart information, and to change the access authority according to the state change. Also explained the authority setting system.
Context information collection unit that collects and provides dynamic information such as time, temperature, door opening / closing record, user authentication record, user pass record,
Static information collection unit that collects and provides static information such as user information and organization information,
As the rules for changing the state information stored in the state information storage unit, the context information provided from the context information collection unit, the static information provided from the static information collection unit, and the usage provided from the state management unit as conditions A state change rule storage unit that stores state change rules that define state information change contents in the process executed when the condition information of the person is satisfied,
A state change request unit that requests the state management unit to change state information in accordance with the state change rule stored in the state change rule storage unit.

Further, in the first embodiment, the entrance / exit management system that controls the entrance / exit of the user, which includes the above access authority setting system and the following means, has been described.
An access authority storage unit that stores access authority information that is information defining the user's unlocking authority for the door,
An entrance / exit control unit that controls the unlocking of the user's door using the access authority information.

Further, in the first embodiment, the entrance / exit management system that controls the entrance / exit of the user, which includes the above access authority setting system and the following means, has been described.
An access authority storage unit that stores access authority information that is information defining the user's unlocking authority for the door,
An entrance / exit control unit that controls the unlocking of the user's door using the access authority information.

In the second embodiment, the access control system that controls access to the computerized information of the user, including the above-described access authority setting system and the following means, has been described.
An access authority storage unit that stores access authority information, which is information defining the access authority of the user, with respect to electronic information,
An access control unit that performs user access control using access authority information.

In the second embodiment, the access control system that controls access to the computerized information of the user, including the above-described access authority setting system and the following means, has been described.
An access authority storage unit that stores access authority information, which is information defining the access authority of the user, with respect to electronic information,
An access control unit that performs user access control using access authority information.

Finally, a hardware configuration example of the access authority management apparatus 101 shown in the first and second embodiments will be described.
FIG. 16 is a diagram illustrating an example of hardware resources of the access authority management apparatus 101 illustrated in the first and second embodiments. The configuration in FIG. 16 is merely an example of the hardware configuration of the access authority management apparatus 101. The hardware configuration of the access authority management apparatus 101 is not limited to the configuration illustrated in FIG. There may be.

In FIG. 16, the access authority management apparatus 101 includes a CPU 911 (also referred to as a central processing unit, a central processing unit, a processing unit, a processing unit, a microprocessor, a microcomputer, and a processor) that executes a program. The CPU 911 is connected to, for example, a ROM (Read Only Memory) 913, a RAM (Random Access Memory) 914, a communication board 915, a display device 901, a keyboard 902, a mouse 903, and a magnetic disk device 920 via a bus 912. Control hardware devices. Further, the CPU 911 may be connected to an FDD 904 (Flexible Disk Drive), a compact disk device 905 (CDD), a printer device 906, and a scanner device 907. Further, instead of the magnetic disk device 920, a storage device such as an optical disk device or a memory card read / write device may be used.
The RAM 914 is an example of a volatile memory. The storage media of the ROM 913, the FDD 904, the CDD 905, and the magnetic disk device 920 are an example of a nonvolatile memory. These are examples of a storage device or a storage unit.
The communication board 915, the keyboard 902, the scanner device 907, the FDD 904, and the like are examples of an input unit and an input device.
Further, the communication board 915, the display device 901, the printer device 906, and the like are examples of an output unit and an output device.

The communication board 915 is connected to the network. For example, the communication board 915 may be connected to a LAN (local area network), the Internet, a WAN (wide area network), or the like.
The magnetic disk device 920 stores an operating system 921 (OS), a window system 922, a program group 923, and a file group 924. The programs in the program group 923 are executed by the CPU 911, the operating system 921, and the window system 922.

The program group 923 stores, for example, programs that execute the functions described as the state management unit 3, the access authority change request unit 5, and the state change request unit 10 in the description of the first and second embodiments. Yes. The program is read and executed by the CPU 911.
The file group 924 includes, for example, state chart information, access authority change rules, state change rules, state information, context information, and static information described in the first and second embodiments.
In the file group 924, for example, in the first and second embodiments, “determination of”, “calculation of”, “comparison of”, “determination of”, “change of”, “ Information, data, signal values, variable values, and parameters indicating the results of the processing described as "setting", "registration of", "updating", etc., for each of "~ file" and "~ database" It is stored as an item. The “˜file” and “˜database” are stored in a recording medium such as a disk or a memory.
Information, data, signal values, variable values, and parameters stored in a storage medium such as a disk or memory are read out to the main memory or cache memory by the CPU 911 via a read / write circuit, and extracted, searched, referenced, compared, Used for CPU operations such as calculation, calculation, processing, editing, output, printing, and display.
Information, data, signal values, variable values, and parameters are stored in the main memory, registers, cache memory, and buffers during the CPU operations of extraction, search, reference, comparison, calculation, processing, editing, output, printing, and display. It is temporarily stored in a memory or the like.

  The arrows in the flowcharts described in the first and second embodiments mainly indicate input / output of data and signals. The data and signal values are the memory of the RAM 914, the flexible disk of the FDD904, the compact disk of the CDD905, and the magnetic field. The data is recorded on a recording medium such as a magnetic disk of the disk device 920, other optical disk, mini disk, DVD, USB (Universal Serial Bus) memory. Data and signals are transmitted online via a bus 912, signal lines, cables, or other transmission media.

In addition, what is described as “˜unit” in the description of the first and second embodiments may be “˜circuit”, “˜device”, “˜device”, and “˜step”, It may be “˜procedure” or “˜processing”.
That is, what is described as “˜unit” may be realized by firmware stored in the ROM 913. Alternatively, it may be implemented only by software, or only by hardware such as elements, devices, substrates, and wirings, by a combination of software and hardware, or by a combination of firmware. Firmware and software are stored as programs in a recording medium such as a magnetic disk, a flexible disk, an optical disk, a compact disk, a mini disk, and a DVD. The program is read by the CPU 911 and executed by the CPU 911. That is, the program causes the computer to function as the “˜unit” in the first and second embodiments. Alternatively, the computer executes the procedure and method of “to unit” in the first and second embodiments.

  As described above, the access authority management apparatus 101 shown in the first and second embodiments includes a CPU as a processing device, a memory as a storage device, a magnetic disk, a keyboard as an input device, a mouse, a communication board, and a display device as an output device, A computer including a communication board or the like, and implements the functions indicated as “˜units” as described above using these processing devices, storage devices, input devices, and output devices.

FIG. 3 is a diagram illustrating an example of a system configuration according to the first embodiment. FIG. 5 shows an example of state chart information according to the first embodiment. FIG. 4 is a diagram showing an example of an access authority change rule according to the first embodiment. FIG. 5 is a diagram showing an example of a state change rule according to the first embodiment. FIG. 6 is a diagram illustrating an example of state information according to the first embodiment. FIG. 6 shows an example of context information according to the first embodiment. FIG. 4 is a diagram illustrating an example of static information according to the first embodiment. FIG. 3 is a flowchart showing an example of a processing flow of the access authority management device according to the first embodiment. FIG. 4 is a flowchart showing an example of a processing flow of an access authority change request unit according to the first embodiment. FIG. 4 is a flowchart showing an example of a processing flow of a state change request unit according to the first embodiment. FIG. 3 is a flowchart showing an example of a processing flow of a state management unit according to the first embodiment. FIG. 4 is a diagram illustrating an example of a system configuration according to Embodiment 2. FIG. 10 is a diagram illustrating an example of state chart information according to the second embodiment. FIG. 10 is a diagram illustrating an example of an access authority change rule according to the second embodiment. FIG. 10 is a diagram illustrating an example of a state change rule according to the second embodiment. FIG. 3 is a diagram illustrating a hardware configuration example of an access authority management device according to the first and second embodiments.

Explanation of symbols

  1 state information storage unit, 2 state chart storage unit, 3 state management unit, 4 access authority change rule storage unit, 5 access authority change request unit, 6 access authority change execution unit, 7 context information collection unit, 8 static information collection Section, 9 state change rule storage section, 10 state change request section, 11 access authority storage section, 12 entrance / exit control section, 13 doors, 14 access control section, 15 electronic information storage section, 100 entrance / exit management system, 101 access Authority management device, 200 access control system.

Claims (9)

An access authority management device that manages the access authority of the user to the access restriction object based on the state of the user who uses the access restriction object to which access is restricted,
A transition destination determination unit that determines a state transition destination according to the state transition condition of the generated state transition event each time a state transition event that matches any state transition condition occurs for the user;
The current state of the user is managed, and every time the transition destination of the user is determined by the transition destination determination unit, the transition destination determination unit determines from the current state of the user It is determined whether or not the state transition to the transition destination matches the state transition order specified for the user, and the use is performed when the state transition matches the state transition order. A state management unit that changes the current state of the person to the transition destination state determined by the transition destination determination unit;
When the current state of the user is changed to the transition destination state by the state management unit, the access authority of the user to the access restricted object is newly determined based on the changed state. An access authority management device comprising an access authority determination unit. The state management unit
If the state transition does not match the state transition order, do not change the current state of the user,
The access authority determination unit
When said by the state management unit of the current state of the user does not change, the access authority management device according to claim 1, characterized in that maintaining the current access rights of the user. The access authority management device further includes:
An access right application rule storage unit for storing an access right application rule indicating an access right to the access restricted object for each state;
The access authority determination unit
When the current state of the user is changed to the transition destination state, the access authority application rule is referred to, and the access authority of the user to the access restriction object is determined based on the changed state. The access authority management apparatus according to claim 1, wherein the access authority management apparatus is newly determined. The access authority management device further includes:
A transition destination determination rule storage unit for storing a transition destination determination rule indicating a state transition destination for each state transition condition;
The transition destination determination unit
2. The state transition destination of the user is determined according to a state transition condition of the generated state transition event with reference to the transition destination determination rule every time a state transition event occurs. The access authority management device according to any one of to 3 . The access authority management device includes:
A plurality of entrance restricted areas whose entrance is restricted by the entrance management device are set as the access restricted object,
The transition destination determination unit
As a state transition event, for each user, every time an admission restriction release event is released in which admission restriction by the admission management device is released, the state transition destination is determined according to the admission management device for which the admission restriction is released,
The access authority determination unit
When the current state of the user is changed to the state of the transition destination by the state management unit, the entrance management device has a new access authority based on the changed state for each entrance management device. access authority management device according to any one of claims 1 to 4, characterized in that to determine the limit of release permission. The access authority management device includes:
6. The access authority management device according to claim 5 , wherein at least one of each entrance management device and a control device that controls each entrance management device is notified of whether or not the entrance restriction can be canceled for the user. The access authority management device includes:
The access restriction data whose data access is restricted by the data access management device is defined as the access restriction object,
The access authority management apparatus according to any one of claims 1 to 6 , wherein a data access authority to the access restriction data of the user is notified to the data access management apparatus. An access authority management method for managing an access authority of the user to the access restriction object based on a state of the user who uses the access restriction object to which access is restricted,
A transition destination determination step in which the computer determines a state transition destination according to the state transition condition of the generated state transition event each time a state transition event that matches any state transition condition occurs for the user. ,
Each time the computer manages the current state of the user and the transition destination of the user is determined by the transition destination determination step, the transition destination determination step from the current state of the user. When it is determined whether the state transition to the determined transition destination matches the state transition order specified for the user, and the state transition matches the state transition order A state management step for changing the current state of the user to the transition destination state determined by the transition destination determination step;
Computer, if the current state of the user by the state management step is changed to the state of the transition destination, based on the state after the change, a new access to the access restriction object of the user And an access authority determining step for determining the access authority. Based on the state of the user who uses the access restriction object whose access is restricted, a computer that manages the access authority of the user to the access restriction object,
A transition destination determination process for determining the state transition destination according to the state transition condition of the generated state transition event each time a state transition event that matches any state transition condition occurs for the user,
The current state of the user is managed, and each time the transition destination of the state is determined for the user by the transition destination determination process, the transition destination determination process is determined from the current state of the user. It is determined whether or not the state transition to the transition destination matches the state transition order specified for the user, and the use is performed when the state transition matches the state transition order. A state management process for changing the current state of the person to the transition destination state determined by the transition destination determination process;
When the current state of the user is changed to the transition destination state by the state management process, the access authority to the access restriction object of the user is newly determined based on the changed state. A program for executing an access authority determination process.

Images