JP5340752B2 - Security system - Google Patents

Description

  The present invention relates to a security system, and more particularly to a technique for preventing information leakage from a security management area that allows only a specific person to enter a room such as a corporate office or a laboratory.

  While data communication networks such as the Internet have become widespread, in recent years, information held by companies and various business entities tends to be centrally managed by computers. For this reason, if the information protection is not sufficient, a large amount of confidential information such as personal information, customer data, and confidential information may be easily leaked through the network as compared with the era of paper documents. For this reason, various security techniques for preventing leakage of information are provided (see, for example, the following patent document).

JP 2008-77362 A JP 2006-309698 A Japanese Patent Laid-Open No. 2008-15786 JP 2008-160803 A

  By the way, in order to prevent information leakage, it is fundamental to eliminate physical intrusion of outsiders (external access to the management area) and intrusion through communication lines (unauthorized access). It is not enough. This is because even a person inside an organization needs to cope with fraud such as operating a terminal device by impersonating another person and obtaining, for example, unauthorized data or transmitting it to the outside.

  On the other hand, companies and offices may perform authentication using IDs and passwords, for example, to restrict the use of terminals used by each person and access to specific information. However, even if such an authentication process is performed, sufficient security is not always obtained. This is because it is not always easy to thoroughly manage passwords for everyone, and in reality there are many cases where the authentication function cannot be fully utilized. For example, you can use a birthday or personal name that can be easily estimated by someone else as a password, or in extreme cases, stick a note with your password on your desk so that you do not forget it. A difference is inevitable. Also, passwords tend to be fixed due to the inconvenience of periodically changing them, and it is not impossible to know another person's password by stealing key operations.

  On the other hand, in the invention described in Patent Document 1 (Japanese Patent Application Laid-Open No. 2008-77362), user authentication processing at the time of entering / exiting a security management area that handles confidential information and user authentication processing using a terminal device after entering the room are performed. The security level is improved by limiting the number of terminals that can be associated and used. However, in the method described in this document 1, if a user enters a room and satisfies the condition that the upper limit number of terminals used is not satisfied, another person can easily authenticate from one of the terminals permitted to the user. Can access the network freely.

  Patent Document 2 (Japanese Patent Application Laid-Open No. 2006-309698), Patent Document 3 (Japanese Patent Application Laid-Open No. 2008-15786) and Patent Document 4 (Japanese Patent Application Laid-Open No. 2008-160803) all use a computer from a remote location via a network. The present invention relates to an access control technology in terminal service (remote access), and is not intended for a usage form in which a terminal installed in a management area such as a corporate office is used by a plurality of persons in the area.

  Therefore, an object of the present invention is to increase the security level in the security management area and more reliably prevent information leakage.

  In order to solve the above problems and achieve the object, a first security system according to the present invention includes a plurality of terminal devices installed so as to be connectable to an external network via an internal network constructed inside a security management area, A communication gate unit that is interposed between the terminal device and the internal network or between the internal network and the external network and enables the terminal device to be connected to the internal network or the external network, and uses the terminal device A user information storage unit capable of storing user identification information in advance as user information in association with at least one of the user and the terminal device, and closing the doorway of the security management area The user enters and exits the security management area including the entrance / exit gate. An entry / exit gate unit that restricts at least entry, an identification information input unit that is provided outside the entry / exit gate and allows a user entering the security management area to input his / her identification information, and the identification information input The identification information input through the user information is compared with the user information stored in advance in the user information storage unit, and the input identification information is stored in the user information storage unit in advance. An entrance authentication unit that performs identity authentication by determining whether the identity information matches, a one-time password issue unit that issues a one-time password to the user when the identity authentication is successful, and the one-time Issued by the entrance authentication notifying unit for providing the user with the password outside the entrance / exit gate and the one-time password issuing unit The password and the password input from the terminal device associated with the user are compared, and if they match, the authentication is successful, and even if they do not match or do not match, the user information is specified. A terminal authentication unit that determines that authentication is unsuccessful when the input is from a terminal device other than the terminal device. The entrance / exit gate unit opens the entrance / exit gate when authentication by the entrance authentication unit is successful, and closes the entrance / exit gate when unauthenticated and authentication is unsuccessful. The unit permits the connection of the terminal device to the network when the authentication by the terminal authentication unit is successful, and blocks the connection of the terminal device to the network when unauthenticated and unsuccessful.

  The security system according to the present invention uses a terminal device installed inside a security management area (hereinafter also simply referred to as a management area) in which entry (or further exit) is restricted by an entry / exit gate, particularly activation and communication. By restricting (such as network connection and use of software that involves communication), information leakage from the management area is prevented. In the first security system, the terminal device restricts connection to the network. This prevents information from leaking from the management area.

  Only certain persons registered in advance are allowed to enter the management area. In order to achieve this, in the present invention, an entrance / exit gate is provided at the entrance / exit of the management area to close the entrance / exit, and an entrance authentication unit for confirming the identity is provided, and the management is provided outside the entrance / exit gate (management area). An identification information input unit that reads identification information of a person who intends to enter the area is arranged.

  The entry / exit gate refers to a structure that can physically block a person from entering the room, and can be configured by, for example, a door, a gate, a bar, or the like. The number of entrance / exit gates (the entrance / exit of the management area) is not limited to one (one place), and may be provided at a plurality or at a plurality of places.

  The security management area referred to in the present invention may be of any type, ownership, scale, name, etc. Examples include corporations, public institutions (government agencies, government offices, international organizations, etc. of national and local governments), universities and other educational and research institutions, private business owners, etc., offices, research laboratories, call centers, and other facilities. However, it is not limited to these. The management area may be the whole building or a part of the building (a specific room, space, etc.).

  As the identification information, it is preferable to use information indicating physical characteristics such as a vein pattern of a hand, a fingerprint, an iris, and a retina from the viewpoint of improving authentication accuracy (certainty of identity verification). However, in addition to such biometric authentication information, it is also possible to store data in, for example, a magnetic card or an IC card using RFID, which can be carried by the user, and use this as identification information. A reader that reads any one of these (or two or more of them can be used in combination) is installed outside the entrance / exit gate (management area) as an identification information input unit.

  Further, in the first system of the present invention, in order to perform authentication by the entrance authentication unit, a user information storage unit for storing information for identifying a user is provided, and the user information storage unit enters the management area. Is stored in advance as user information in association with at least one of the user and the terminal device. A person who wants to enter the management area inputs the identification information from the identification information input unit. The entrance authentication unit compares the input identification information with the user information stored in the user information storage unit. If the input identification information matches the identification information of any user stored in advance in the user information storage unit, the authentication is successful, and if the ID does not match or does not match, the use If it is input from a terminal device other than the terminal device specified by the person information, it is determined that the authentication has failed.

  If the authentication is successful, the one-time password issuing unit issues a one-time password, and the entrance / exit gate unit opens the entrance / exit gate. The one-time password is a temporary password (different for each authentication) made up of several digits or symbols, for example, and is provided to the user by the entrance authentication notification unit. As a method of providing a password to the user by the entrance authentication notification unit, a method of notifying the user visually, for example, displaying on a display device (LCD or the like) can be cited as a typical example, but is not limited thereto. It is also possible to use a method of writing in a magnetic card or IC card carried by the user, a portable storage medium (for example, a flash memory), or the like.

  The entrance authentication notification unit is arranged outside the entrance / exit gate, and therefore is not visible to humans in the management area, and passwords are not known to other users in the management area. In addition, when a user in the management area once exits and enters the room again, a different one-time password is issued again by the one-time password issuing unit in the same way as at the first entry (issued when entering the previous time). The password is invalid), and the terminal authentication described later is performed with this new password.

  If the authentication by the entrance authentication unit is unsuccessful, or if identification information has not yet been entered in the identification information input unit (unauthenticated), the entrance / exit gate unit does not open the entrance / exit gate, and the entrance / exit of the management area Remains closed. In the present invention, the entrance / exit gate section may restrict at least entry between entry and exit, and allow the entry to be free, or restrict both entry and exit. A configuration example of a system that restricts leaving in addition to entering will be described later.

  The one-time password issued by the one-time password issuing unit is also provided to the terminal authentication unit, and the terminal authentication unit uses this to perform terminal authentication. Specifically, the terminal authentication unit compares the password issued by the one-time password issuing unit with the password input from the terminal device associated with the user, and if both match, the terminal authentication unit If both are not matched or are matched but are inputted from a terminal device other than the terminal device specified by the user information, the authentication is determined to be unsuccessful. If the authentication is successful by the terminal authentication unit, the communication gate unit permits the connection of the terminal device to the network. On the other hand, when the authentication is not performed or when the authentication by the terminal authentication unit is unsuccessful, the communication gate unit blocks the connection of the terminal device to the network and does not pass any data (packet).

  In addition, the network said here means either one or both of an internal network (LAN) and an external network (for example, the internet). That is, based on the result of the terminal authentication, the connection may be permitted (when authentication is successful) or blocked (when authentication is unsuccessful or unauthenticated) for both the internal network and the external network. The connection may always be permitted (only when authentication is successful) or blocked (when authentication is unsuccessful or unauthenticated) only for connection to an external network, regardless of the authentication result.

  In addition, in order to identify a terminal device in the authentication processing by the terminal authentication unit and the processing for determining whether or not the communication gate unit can connect to the network, for example, the IP address (local address or global address) or MAC address of the terminal device is used. Just do it. Further, as a specific method for permitting and blocking the connection to the network by the communication gate unit, for example, when permitting connection to the network (successful authentication), the terminal device is set as a transmission source or a transmission destination. If the communication gate unit relays the communication packet to be transmitted and the connection to the network is interrupted (authentication unsuccessful or unauthenticated), the communication packet having the terminal device as the transmission source or transmission destination is discarded. good. Further, the present invention is not limited to such a method. For example, a communication gate corresponding to each terminal device is provided, and the communication gate is physically turned on and off to connect and disconnect the network. Other methods are also possible. The communication gate unit can be configured by, for example, a router, a switch, a proxy server, or the like that can relay communication packets. The network referred to in the present invention may be either wired or wireless.

  According to the first security system of the present invention, identity verification is performed by authentication means (preferably biometric authentication) arranged at the entrance / exit of the management area, and this authentication is combined with a one-time password that changes every time the user enters the room. Even if each terminal device does not have an authentication function, it is possible to provide each terminal device with security substantially equivalent to the authentication (biometric authentication as a preferred example). Even if a correct one-time password is input from a terminal device other than a pre-assigned terminal device, authentication by the terminal authentication unit is unsuccessful. It is also possible to prevent unauthorized access to data or transmission to the outside by using a terminal device (unassigned) without permission.

  In the first security system (the same applies to the third security system described later), a terminal device installed in the management area is stored in the user information storage unit as user information in advance to a specific user. Assigned. On the other hand, the second security system of the present invention described below (the same applies to the fourth security system described later) allows an arbitrary terminal device installed in the management area to be used (the terminal device is assigned to the user in advance). (Specified at the entrance of the management area). Examples of management areas suitable for such operations include, but are not limited to, a call center that accepts mail order sales, a support center that provides customer support for products and services, and the like.

  That is, a second security system according to the present invention includes a plurality of terminal devices installed so as to be connectable to an external network via an internal network constructed inside a security management area, and the terminal device and the internal network. A communication gate unit interposed between or between the internal network and the external network so that the terminal device can be connected to the internal network or the external network, and identification information of a user who uses the terminal device, A user information storage unit that can be stored in advance as user information in association with a user, and an entrance / exit gate that closes an entrance / exit of the security management area so as to be openable / closable. Of these, at least the entrance / exit gate part that restricts entry, and the entrance / exit gate An identification information input unit that is provided outside and allows a user who enters the security management area to input his / her identification information, and the identification information input through the identification information input unit and the user information storage unit are stored in advance. The authentication unit authenticates the user by comparing with the user information and determining whether the input identification information matches any of the user identification information stored in advance in the user information storage unit. And a one-time password issuing unit that issues a one-time password to the user when the personal authentication is successful, and a terminal device to be used by the user when the personal authentication is successful. A terminal designating unit that issues terminal designating information for identifying at least one of a plurality of terminal devices; and the one-time password and the terminal designating information Compare the entrance authentication notification unit provided to the user outside the room gate, the password issued by the one-time password issuing unit, and the password input from the terminal device specified by the terminal designation information, If both match, authentication succeeds, and if both do not match or match but are input from a terminal device other than the terminal device specified by the terminal designation information, the authentication is determined to be unsuccessful. A terminal authentication unit. The entrance / exit gate unit opens the entrance / exit gate when the authentication by the entrance authentication unit is successful, and closes the entrance / exit gate when unauthenticated and authentication is unsuccessful, and the communication gate unit performs terminal authentication. When the authentication by the unit is successful, the connection of the terminal device to the network is permitted. On the other hand, when the authentication is unauthenticated and the authentication is unsuccessful, the connection of the terminal device to the network is blocked.

  Similar to the first security system, the second security system of the present invention includes a plurality of terminal devices, a communication gate unit, a user information storage unit, an entrance / exit gate unit, an identification information input unit, an entrance authentication unit, one A time password issuing unit, an entrance authentication notifying unit, and a terminal authenticating unit, but when the user authentication by the entrance authenticating unit is successful, the user should use at least one of the plurality of terminal devices. A terminal designating unit that issues terminal designating information for specifying one device is further provided, and this terminal designating information is provided to the user together with the one-time password by the entrance authentication notifying unit. Therefore, in the second system, the user information storage unit stores the identification information of the user who uses the terminal device in advance as user information in association with the user, but associates the terminal device with the user. There is no need to have information.

  The terminal authentication unit compares the password issued by the one-time password issuing unit with the password input from the terminal device specified by the terminal designation information. If they match, the authentication is successful and the two do not match If they are input from a terminal device other than the terminal device specified by the terminal designation information even if they match, it is determined that the authentication has failed. The processing after authentication by the entrance authentication unit and the terminal authentication unit (opening / closing of the entrance / exit gate and whether or not the terminal device can be connected to the network) is the same as in the first security system.

  The first and second security systems may further include a communication monitoring unit that monitors packets passing through the communication gate unit and detects predetermined unauthorized packets that are not permitted. When an illegal packet is detected by the communication monitoring unit, the communication gate unit cuts off the connection to the network of the terminal device that is the transmission source or destination of the illegal packet.

  The above illegal packet can be set in various settings (what is permitted and what is not permitted) depending on the management policy of the management area. In particular, packets and connection requests to unauthorized destinations Is included. This permission / disapproval (for example, a specific connection destination is permitted to connect but others are prohibited, a specific destination is permitted to send mail but others are prohibited, etc.) is, for example, an attribute of the user ( (Job type, position, authority, etc.) may be determined in advance. Whether or not the packet is an illegal packet is determined by, for example, the destination / connection destination address, port number, URL, protocol (for example, FTP (File Transfer Protocol) or SMTP (Simple Mail Transfer Protocol) is not permitted), etc. Judgment may be made according to the above. Furthermore, it is possible to check the contents of the data and use the ones with specific contents (for example, including specific words) as the illegal packets.

  A third security system according to the present invention includes a plurality of terminal devices installed so as to be connectable to an external network via an internal network constructed inside a security management area, and a user who uses the terminal device. A user information storage unit capable of preliminarily storing identification information as user information in association with at least one of the user and the terminal device, and an entrance / exit gate for closing the entrance / exit of the security management area Including an entrance / exit gate part that restricts at least entry of the user to and from the security management area, and a user who enters the security management area provided outside the entrance / exit gate identifies himself / herself. An identification information input unit capable of inputting information, the identification information input through the identification information input unit, and the use By comparing the user information stored in advance in the information storage unit and determining whether the input identification information matches the identification information of any user stored in advance in the user information storage unit An entrance authentication unit that performs personal authentication, a one-time password issuing unit that issues a one-time password to the user when the personal authentication is successful, and the use of the one-time password outside the entrance / exit gate Compare the password issued by the one-time password issuing unit with the password entered from the terminal device associated with the user, and authenticate if they match It is input from a terminal device other than the terminal device specified by the user information even if the success and both do not match or match A terminal authentication unit that determines that the authentication is unsuccessful, and the entrance / exit gate unit opens the entrance / exit gate when the authentication by the entrance authentication unit is successful, while unauthenticated and unsuccessful authentication. In this case, the entrance / exit gate is closed, and the terminal device is restricted in use unless authentication by the terminal authentication unit is successful.

  As in the first security system, the third security system includes a plurality of terminal devices, a user information storage unit, an entrance / exit gate unit, an identification information input unit, an entrance authentication unit, a one-time password issuing unit, an entrance With an authentication notification unit and terminal authentication unit, the entrance / exit gate unit opens the entrance / exit gate when authentication by the entrance authentication unit is successful, while it closes the entrance / exit gate when unauthenticated and authentication is unsuccessful However, use restrictions are imposed on the terminal device unless authentication by the terminal authentication unit is successful.

  Examples of this use restriction include prohibition of activation of a terminal device (for example, activation of an OS) or prohibition of use of software accompanying communication. Software that involves communication includes e-mail software (mailer) and file browsing software (Web browser, database browsing software, etc.). For example, the activation of a terminal device (or even word processing software or spreadsheet software) Use of an application without communication) is permitted, but use of all or some of the software with communication is conceivable. Even by such measures, it is possible to prevent information leakage to the outside and access to unauthorized information.

  A fourth security system according to the present invention includes a plurality of terminal devices installed so as to be connectable to an external network via an internal network constructed in the security management area, and identification information of a user who uses the terminal device. A user information storage unit that can be stored in advance as user information in association with the user, and an entrance / exit gate that closes the entrance / exit of the security management area so as to be openable and closable; An entry / exit gate unit that restricts at least entry among the exits, an identification information input unit that is provided outside the entrance / exit gate and allows the user entering the security management area to input his / her identification information, and the identification information Compare the identification information input through the input unit with the user information stored in advance in the user information storage unit, When the entered identification information matches with any one of the user identification information stored in advance in the user information storage unit to authenticate the user and when the user authentication is successful A one-time password issuing unit for issuing a one-time password to the user, and at least one of the plurality of terminal devices as a terminal device to be used by the user when the personal authentication is successful. A terminal designating unit for issuing terminal designating information for identifying a table, an entrance authentication notifying unit for providing the user with the one-time password and the terminal-identifying information outside the entrance / exit gate, and the one-time password issuing unit. Is compared with the password entered from the terminal device specified by the terminal designation information, If the authentication is successful, the authentication is successful, and the terminal authentication for determining that the authentication is unsuccessful when the two do not match or is input from a terminal device other than the terminal device specified by the terminal designation information even if they match And the entrance / exit gate unit opens the entrance / exit gate when the authentication by the entrance authentication unit is successful, while closing the entrance / exit gate when unauthenticated and authentication is unsuccessful, The terminal device is restricted in use unless authentication by the terminal authentication unit is successful.

  This fourth security system imposes usage restrictions on the terminal device as long as the authentication by the terminal authentication unit is not successful as in the third system, but unlike the third system, This corresponds to a usage mode that is not previously assigned to the user. For this reason, this fourth system, like the second system, includes a terminal designating unit that issues terminal designating information, and provides the terminal designating information to the user together with the one-time password by the entrance authentication notification unit. . The user may input a one-time password from the designated terminal device and receive authentication by the terminal authentication unit. Note that the processing by the entrance authentication unit and the processing by the terminal authentication unit in the fourth system are the same as those in the second system and the third system, respectively, and thus redundant description is omitted.

  In each of the first to fourth systems, an expiration date may be provided for the one-time password. In this case, after a certain time (for example, several minutes to several tens of minutes after the issuance) has passed since the one-time password is issued by the one-time password issuing unit, the terminal authentication unit invalidates the one-time password from the terminal device. Authentication is also unsuccessful if the entered password matches the one-time password.

  Further, in each of the first to fourth systems, the terminal authentication unit performs authentication by using a fixed password (a combination of the one-time password and the fixed password) in addition to the one-time password authentication. You may do it. This is to improve security. In this case, it is assumed that the fixed password is shared between the user and the terminal authentication unit in advance. Specifically, the fixed password may be stored in the user information storage unit in association with the user as the user information, for example, and the terminal authentication unit may authenticate using this user information. .

  When terminal authentication is performed using both fixed and one-time passwords as described above, the fixed password input from the terminal device may be simply compared with the one-time password (for example, the fixed password and the one-time password). (Sequentially determine whether they match with each other), for example, authenticate based on the addition result of both fixed and one-time passwords, or use a fixed password as a private key and a one-time password as a public key Various methods such as performing authentication using a public key method can be adopted.

  Further, in each of the first to fourth systems, when a terminal device that has been successfully authenticated is not operated for a certain period of time, a process may be performed to detect this and return to an unauthenticated state. This is to prevent other people from using the terminal device when a legitimate user leaves the seat. Specifically, in any one of the first to fourth systems, the system further includes a terminal operation detection unit that detects the presence or absence of an operation of the terminal device, and the terminal device is not operated for a certain period of time by the terminal operation detection unit. In order to cancel the authentication by the terminal authentication unit, the terminal device may be imposed with a state where the communication gate unit can be connected to the network (blocking communication) or the use restriction of the terminal device (hereinafter referred to as “restriction”). This process is called "automatic logoff").

  Further, in place of the automatic logoff process or in addition to the automatic logoff process, when the user leaves the terminal apparatus for which authentication has succeeded, a process of detecting this and returning the terminal apparatus to the unauthenticated state is performed. You may make it do.

  Specifically, in addition to any one of the first to fourth systems or the system including the automatic logoff process, a user who is provided inside the entrance / exit gate and exits the security management area has his / her identification information. The identification information inputted by comparing the identification information input through the room identification information input unit with the user information stored in the user information storage unit in advance. Is provided with an exit detection unit that determines that the user has exited when it matches the identification information of any user stored in advance in the user information storage unit, and the exit of the user by the exit detection unit When the terminal is used by the user to cancel authentication by the terminal authentication unit, the communication gate unit can connect to the network. Release (interruption of communication) or to apply the restrictions on the use of the terminal device (hereinafter, referred to this process as "exit logoff").

  With this system configuration equipped with such an exit logoff or automatic logoff function, there is no need to worry about other users using their terminal devices when they leave their seats, go out, or leave the office. It becomes possible to carry out daily work without being particularly conscious of terminal security (so-called forgetting to erase).

  According to the present invention, information leakage from the security management area can be prevented and the security level can be improved.

  Other objects, features, and advantages of the present invention will become apparent from the following description of embodiments of the present invention described with reference to the drawings. The following embodiment shows an example of a system included in the present invention, and the present invention is not limited to this. Various modifications are made within the scope of the claims. It will be apparent to those skilled in the art that this is possible.

FIG. 1 is a block diagram showing a security system according to an embodiment of the present invention. FIG. 2A is a flowchart showing processing in the security system according to the embodiment. FIG. 2B is a flowchart showing processing in the security system according to the embodiment.

  FIG. 1 shows a security system according to an embodiment of the present invention. As shown in the figure, this security system is provided with an entrance / exit gate section 11 at the entrance / exit of the security management area 1 to restrict the entry of users, while the management area 1 includes an internal network 2 (for example, an intranet). LAN) and a plurality of terminal devices (hereinafter also referred to as terminals) 31, 32 for use by users, a communication gate unit 41 for connecting these terminals 31, 32 to the internal network 2, An entrance authentication server (entrance authentication unit) 21 that performs first authentication (biometric authentication) for a user, and a terminal authentication server (terminal that performs second authentication (password authentication) for a user at each of the terminals 31 and 32) An authentication unit) 24, a one-time password generation unit 25 that generates a one-time password, and a user information storage unit 22 that stores user information 23. That.

  Further, the internal network 2 is connected to a database 3 storing various data necessary for business including confidential information (for example, customer data and personal information) for use from the terminals 31 and 32. Further, the internal network 2 is connected to the external network 5 (for example, the Internet) via the firewall 55, and the terminals 31 and 32 can satisfy predetermined conditions (success in entrance authentication and terminal authentication described later) according to the present invention. For example, it is possible to communicate with other devices (the database 3 and other terminals, other servers not shown) connected to the internal network 2 via the communication gate unit 41 and the external network 5.

  The terminal devices 31 and 32 are typically desktop or notebook personal computers or workstations. Further, as described later, when the terminals 31 and 32 are not operated for a certain period of time, this is detected and automatically logged off, so whether or not each terminal 31 and 32 is operated (not operated for a certain period of time). The terminal operation detection part 35 which detects this is provided. In the drawing, only two terminal devices 31 and 32 and two communication gates 51 and 52 and two terminal operation detection units 35 are shown in accordance with the two terminal devices 31 and 32. However, an arbitrary number of three or more terminal devices are provided. Correspondingly, three or more communication gates and terminal operation detection units can be provided.

  The entrance / exit gate unit 11 includes an entrance / exit gate 12 that physically restricts user entry, an entrance / exit gate control unit 13 that controls opening and closing of the gate 12, and biometric information reading for inputting user biometric information. And a display notification unit 15 for displaying a one-time password. In this embodiment, a vein pattern is used as the biological information, and a reader for reading the vein pattern is installed outside the entrance / exit gate 12 (outdoor) as the biological information reader 14.

  The display notification unit 15 notifies the user of a one-time password, which will be described later, by displaying it on an LCD (liquid crystal display), for example. The screen of the display notification unit 15 is installed so as to face the outside direction of the management area 1 (the direction opposite to the inside of the management area). For example, the wall that partitions the management area 1 and the outside is made of glass. Even if it is transparent, a user standing outside the entrance / exit gate 12 (a person who intends to enter the room) can see the display screen, but a person inside the management area 1 can see the display screen. Without knowing the one-time password. In this embodiment, the entrance / exit gate 12 is a door that can be unlocked / opened and locked / closed by electrical action, and the entrance / exit gate control unit 13 performs unlocking / opening and locking / closing.

  The user information storage unit 22 includes, as information (user management information) 23 for managing users, a user ID that identifies a user, a terminal ID that identifies a terminal to be used by the user, and the user The vein pattern, which is the biometric information, and the fixed password that is previously shared (stored by the user) with the user are stored in advance for all users who use the management area 1. This user information (eg, terminal ID, fixed password, etc.) can be appropriately rewritten, deleted, or newly registered by the administrator.

  The communication gate unit 41 corresponds to each of the terminals 31 and 32. The communication gates 51 and 52 open and close the communication path between the terminals 31 and 32 and the internal network 2, and the communication gate control unit controls the communication gates 51 and 52. 42 and an illegal packet detection unit (communication monitoring unit) 43 that detects an unpermitted packet. The communication path (communication gates 51 and 52) can be opened and closed (connected / blocked) by the communication gate unit 41 by software so as to relay permitted packets and discard unpermitted packets. It is also possible to perform by physically opening and closing the transmission line like a typical switch.

  In addition, the communication gate unit 41 has a monitoring function for monitoring whether unauthorized communication is performed even after successful terminal authentication and blocking unauthorized communication. Specifically, the illegal packet detector 43 monitors the communication performed by the terminal devices 31 and 32 through the communication gates 51 and 52 in real time, and when an illegal packet is detected, This is notified to the terminal authentication server 24. Upon receiving the detection signal from the illegal packet detection unit 43, the terminal authentication server 24 cancels the authentication and closes the communication gates 51 and 52 corresponding to the terminals 31 and 32 via the communication gate control unit 41 to perform communication. Cut off.

  As described above, an illegal packet is a packet or a connection request to a transmission destination that is not permitted by the user, and the illegal packet detection unit, for example, an address or a port number of the transmission destination / connection destination. An illegal packet is detected by URL, protocol, or the like. It is also possible to check the contents of the data and to make the packet with a specific content (for example, including a specific wording) the illegal packet. Such a monitoring function can also be provided in the firewall 55. In this case, the illegal packet detection unit 43 is provided in the firewall 55.

  The communication gate unit 41 can be constituted by, for example, a hub / router device or server having a hub function and a router function. Furthermore, although the communication gate unit 41 and the firewall 55 are described as separate functional blocks in the illustrated example, they can be integrated as a proxy server (configured as one server), for example. Furthermore, although the entrance authentication server 21 and the terminal authentication server 24 are also separate servers in the present embodiment, they can be combined into a single authentication server having an entrance authentication function and a terminal authentication function. .

  Processing in the security system according to the present embodiment will be described with reference to FIGS. 2A to 2B.

  A user who wants to enter the management area 1 first inputs his or her biological information (vein pattern) by placing his hand over the biological information reading unit 14 provided at the entrance of the management area 1 (step S101). This biometric information is transmitted to the entrance authentication server 21, and the entrance authentication server 21 performs a primary authentication process (step S102). Specifically, the entrance authentication server 21 searches the user management information 23 stored in the user information storage unit 22 to check whether the same vein pattern exists. When the same vein pattern does not exist, the fact that authentication is unsuccessful is displayed through the display notification unit 15 (step S119), and the user enters the management area 1 while the entrance / exit gate 12 remains locked and closed. I can't. On the other hand, if the same vein pattern exists, the entrance authentication server 21 transmits primary authentication result data associated with the user to the terminal authentication server 24 as successful authentication. This primary authentication result data includes a user ID.

  The terminal authentication server 24 that has received the primary authentication result data generates a one-time password through the one-time password generation unit 25 and transmits it to the entrance authentication server 21 (step S104). This one-time password is, for example, about four digits in consideration of ease of storage and security for the user, but is not limited to this, and includes three digits or less, five digits or more, or characters and symbols. Other than this may be used. The one-time password generation unit 25 creates a random four-digit number using a known one-time password generation program and transmits it to the terminal authentication server 21.

  The terminal authentication server 24 searches the user management information 23 stored in the user information storage unit 22 using the user ID included in the primary authentication result data as a key, and obtains the terminal ID of the user. Thus, a terminal assigned to the user is specified, and a fixed password is obtained to perform terminal authentication processing described later. The terminal authentication server 24 stores the one-time password issued to the user in association with the terminal ID together with the fixed password.

  The one-time password has an expiration date. This expiration date is the minimum necessary for the user to move to a terminal (eg, terminal 31 / hereinafter, described as being assigned to the user 31) and complete the authentication process at the terminal 31. Set the time limit. For example, it is about several tens of seconds to several minutes. The terminal authentication server 24 counts the time from a predetermined time (for example, when a one-time password is received from the one-time password generator 25 or when a one-time password is transmitted to the entrance authentication server 21) (step S105). When the expiration date has passed, terminal authentication is unsuccessful as described later.

  The terminal authentication server 24 transmits the one-time password to the entrance authentication server 21 (step S104) and transmits an authentication standby command to the terminal 31 assigned to the user (step S106). On the other hand, the entrance authentication server 21 transmits the one-time password received from the terminal authentication server 24 to the user through the display notification unit 15 (by displaying it on the LCD) (step S107). The user can see and remember the one-time password displayed on the screen. If the terminal device 31 has an interface of a removable storage device (for example, a flash memory such as a USB memory or a memory card), the one-time password is transferred to the storage device carried by the user. The terminal authentication described later may be performed by inserting the storage device into the terminal 31.

  Upon receiving the one-time password, the entrance authentication server 21 transmits an instruction to open the entrance / exit gate 12 to the entrance / exit gate control unit 13. Upon receiving this instruction, the entrance / exit gate control unit 13 unlocks and opens the entrance / exit gate 12. Further, the terminal 31 that has received the authentication standby instruction prompts the user to input a password by displaying a password input screen. The user enters the management area 1 through the opened entrance / exit gate 12, and sits at the terminal 31 assigned to him / her and inputs the password.

  When the fixed password and the one-time password are input to the terminal 31, the terminal 31 creates an authentication request packet including these passwords and transmits it to the terminal authentication server 24 (step S109). In response to this authentication request, the terminal authentication server 24 executes secondary authentication processing (steps S110 to S111). Specifically, the terminal authentication server 24 includes a terminal ID (for example, a local IP address or MAC address of the terminal), a fixed password and a one-time password included in the authentication request packet transmitted from the terminal 31, and the one-time password. The terminal ID, fixed password, and one-time password stored at the time of issuance are compared, and if all of them match, an activation command is transmitted to the terminal 31 as successful authentication. Then, the terminal 31 that has received the activation command executes a logon process (step S112) and notifies the user that the authentication is successful by displaying it on the display.

  In this embodiment, the password input method and the authentication method by the terminal authentication server are such that a fixed password and a one-time password are simply input simultaneously to determine whether both passwords are correct. Various other methods can be adopted as the input method and authentication method. For example, it is possible to enter either a fixed or one-time password and authenticate it first, and if it succeeds, enter the other password and then perform the next authentication. Even if both passwords are entered at the same time, as described above, for example, an added value of both passwords is calculated to determine whether it is correct, or a fixed password is a secret key and a one-time password is disclosed Various authentication methods other than the embodiment, such as authentication by a public key method using a key, can be adopted. Further, as already described, the fixed password is shared with the user in advance.

  When the terminal authentication is successful, the terminal authentication server 24 further transmits terminal-specific data (terminal ID / network physical address) for specifying the terminal 31 to the communication gate control unit 42. The communication gate control unit 42 identifies the terminal 31 based on the terminal specific data and validates the communication gate 51 corresponding to the terminal 31 (opens the communication path). Note that the communication gates 51 and 52 are closed in the standard state (unauthenticated state) and do not pass any data.

  On the other hand, if there is a mismatch between the terminal ID, the fixed password, and the one-time password in the secondary authentication (terminal authentication), the fact that the authentication is unsuccessful is displayed on the display of the terminal 31 (step S121). The terminal 31 is not activated and the corresponding communication gate 51 remains closed. Even if the entrance authentication is successful, if the expiration date of the one-time password has passed (the time count value has exceeded the expiration date), the terminal authentication server 24 uses the one-time password. Even if the terminal ID is invalid and both the fixed and one-time passwords are correct, authentication is unsuccessful (step S120).

  Further, even if the secondary authentication (terminal authentication) succeeds, if an illegal packet is detected by the illegal packet detection unit 43 (step S115), the illegal packet detection unit 43 notifies the terminal authentication server 24 of the notification. Then, the terminal authentication server 24 receives this notification and cancels the authentication by closing the communication gate 51 corresponding to the terminal 31 via the communication gate control unit 42 (step S122).

  When the terminal operation detection unit 35 detects that the terminal 31 has not been operated for a certain period of time (step S116), the terminal authentication server 24 receives the detection signal from the terminal operation detection unit 35, Log off (forced termination) and close the communication gate 51 corresponding to the terminal 31 via the communication gate control unit 42 to return to the unauthenticated state (automatic log off processing) (steps S117 to S118).

  Further, in addition to the automatic logoff process based on such terminal non-operation, the exit logoff process may be performed. In this case, in order to detect the exit of the user, for example, a biometric information reading unit (not shown) is installed inside (inside the room) the entrance / exit gate 12 to confirm the identity of the person leaving the terminal, and the terminal authentication server 24 may log off the terminal 31 of the user who has left the room and close the corresponding communication gate 51 via the communication gate control unit 42.

  Furthermore, in the above-described embodiment, the terminal is assigned to the user in advance, but it is also possible to adopt a mode in which the terminal is assigned to the user at the entrance of the management area without entering the terminal in advance. In this case, a terminal designating unit that assigns a terminal to the user is further provided, and when authentication by the entrance authentication server 21 is successful, the terminal designated by the terminal designating unit is notified to the user through the display notification unit 15 (for example, A number may be assigned to each terminal in the management area in advance, and this number may be displayed on the screen together with the one-time password).

  In the embodiment, authentication is performed at the time of logon of the terminal. However, at the time of logon, authentication is not particularly required, and when the terminal attempts to communicate or connect to a network (for example, when a browser or a mailer is started up) Authentication may be requested.

DESCRIPTION OF SYMBOLS 1 Security management area 2 Internal network 3 Database 5 External network 11 Entrance / exit gate part 12 Entrance / exit gate 13 Entrance / exit gate control part 14 Biometric information reading part 21 Entrance authentication server 22 User information storage part 23 User information 24 Terminal authentication server 25 One-time password generation unit 31, 32 Terminal device 35 Terminal operation detection unit 41 Communication gate unit 42 Communication gate control unit 43 Illegal packet detection unit 51, 52 Communication gate 55 Firewall

Claims (10)

A plurality of terminal devices installed so as to be connectable to an external network via an internal network constructed in the security management area;
A communication gate unit that is interposed between the terminal device and the internal network or between the internal network and the external network and enables the terminal device to be connected to the internal network or the external network;
Identification information of a user who uses the terminal device, a user information storage unit that can be stored in advance as user information in association with the user;
An entrance / exit gate section that includes an entrance / exit gate that closes the entrance / exit of the security management area so as to be openable and closable, and restricts at least entry of the user's entrance and exit to the security management area;
An identification information input unit that is provided outside the entrance / exit gate and allows a user entering the security management area to input his / her identification information;
The identification information input through the identification information input unit is compared with the user information stored in advance in the user information storage unit, and the input identification information is stored in the user information storage unit in advance. An entrance authentication unit that performs identity authentication by determining whether or not the user identification information matches,
A one-time password issuing unit that issues a one-time password to the user when the identity authentication is successful;
A terminal designating unit that issues terminal designating information for identifying at least one of the plurality of terminal devices as a terminal device to be used by the user when the user authentication is successful;
An entrance authentication notification unit that provides the user with the one-time password and the terminal identification information outside the entrance / exit gate;
The password issued by the one-time password issuing unit and the password input from the terminal device specified by the terminal designation information are compared, and if they match, the authentication is successful and the two do not match or A terminal authentication unit that determines that authentication is unsuccessful when it is input from a terminal device other than the terminal device specified by the terminal designation information,
With
The entrance / exit gate unit opens the entrance / exit gate when the authentication by the entrance authentication unit is successful, while closing the entrance / exit gate when unauthenticated and authentication is unsuccessful,
The communication gate unit permits the connection of the terminal device to the network when the authentication by the terminal authentication unit is successful, while blocking the connection of the terminal device to the network when the authentication is unauthenticated and the authentication is unsuccessful A security system characterized by Further comprising a communication monitoring unit that monitors packets passing through the communication gate unit and detects predetermined unauthorized packets that are not permitted;
2. The security according to claim 1, wherein when the unauthorized packet is detected by the communication monitoring unit, the communication gate unit blocks connection of the terminal device that is a transmission source or a transmission destination of the unauthorized packet to the network. system. A plurality of terminal devices installed so as to be connectable to an external network via an internal network constructed in the security management area;
Identification information of a user who uses the terminal device, a user information storage unit which can be stored in advance as user information in association with the user;
An entrance / exit gate section that includes an entrance / exit gate that closes the entrance / exit of the security management area so as to be openable and closable, and restricts at least entry of the user's entrance and exit to the security management area;
An identification information input unit that is provided outside the entrance / exit gate and allows a user entering the security management area to input his / her identification information;
The identification information input through the identification information input unit is compared with the user information stored in advance in the user information storage unit, and the input identification information is stored in the user information storage unit in advance. An entrance authentication unit that performs identity authentication by determining whether or not the user identification information matches,
A one-time password issuing unit that issues a one-time password to the user when the identity authentication is successful;
A terminal designating unit that issues terminal designating information for identifying at least one of the plurality of terminal devices as a terminal device to be used by the user when the user authentication is successful;
An entrance authentication notification unit that provides the user with the one-time password and the terminal identification information outside the entrance / exit gate;
The password issued by the one-time password issuing unit and the password input from the terminal device specified by the terminal designation information are compared, and if they match, the authentication is successful and the two do not match or A terminal authentication unit that determines that authentication is unsuccessful when it is input from a terminal device other than the terminal device specified by the terminal designation information,
With
The entrance / exit gate unit opens the entrance / exit gate when the authentication by the entrance authentication unit is successful, while closing the entrance / exit gate when unauthenticated and authentication is unsuccessful,
The terminal system is restricted in use unless authentication by the terminal authentication unit is successful. The security system according to claim 3 , wherein the use restriction related to the terminal device is prohibition of activation of the terminal device or use of software accompanying communication. The terminal authentication unit authenticates even when a password input from the terminal device and the one-time password match after invalidating the one-time password after a certain time has elapsed since the one-time password was issued. The security system according to any one of claims 1 to 4 , wherein the security system is unsuccessful. The security system according to any one of claims 1 to 5 , wherein the user identification information is biometric authentication information representing a physical feature of the user. The biometric information is a hand vein pattern
The security system according to claim 6. The security system according to any one of claims 1 to 7 , wherein the terminal authentication unit performs authentication by a combination of the one-time password and a fixed password. A terminal operation detection unit for detecting whether or not the terminal device is operated;
When the terminal operation is not operated by the terminal operation detection unit for a certain period of time, the terminal authentication unit cancels the authentication by the terminal authentication unit, cancels the connection state to the network by the communication gate unit, or the terminal The security system according to any one of claims 1 to 8, wherein a device use restriction is applied. An identification information input unit at the time of exit, which is provided inside the entrance / exit gate and allows a user who leaves the security management area to input his / her identification information;
The identification information input through the identification information input unit at the time of leaving the room is compared with the user information stored in advance in the user information storage unit, and the input identification information is stored in the user information storage unit in advance. A room exit detecting unit that determines that the user has left the room when the user's identification information matches,
Further comprising
When a user exit is detected by the exit detection unit, the communication gate unit can connect to the network for the terminal device used by the user to cancel the authentication by the terminal authentication unit. The security system according to any one of claims 1 to 9 , wherein the release or the use restriction of the terminal device is applied.

Images