JP6220275B2 - Security system - Google Patents

Description

  The present invention relates to a security system.

  In recent years, the problem of leaking highly confidential information frequently occurs. For example, when a user registers personal information in a Web service using an information processing terminal or the like, there is a problem that the personal information is leaked. Therefore, it is necessary to prevent leakage of highly confidential information when a user uses a Web service using an information processing terminal or the like.

  In a general Web service, authentication is performed using an ID and a password, and access to information on the Web service is permitted when the authentication is successful. In addition, there is a technique for restricting browsing by limiting terminals that access Web services in order to prevent information leakage. For example, when a wireless LAN or VPN is used, a terminal capable of browsing a website by attaching a dongle containing authentication information to a computer as a security token that proves that the user is a valid user. It is limited (refer nonpatent literature 1).

  In addition, there are other methods of limiting the terminals that access the Web site by inputting double IDs and passwords by Cookie, or by using MAC addresses or IP addresses.

Dongle Wikipedia, [On Line], [Search January 22, 2014], Internet <URL: http://en.wikipedia.org/wiki/%E3%83%89%E3%83%B3%E3% 82% B0% E3% 83% AB>

  However, in the conventional technology, when limiting the terminals that access the Web site, security measures such as loss, misplacement measures, impersonation measures, or hacking / virus security measures are not necessarily sufficient.

  For example, when a terminal is limited using a dongle, management for a case where the dongle itself is lost is complicated, or there is a virus that infects the dongle and mediates it. Furthermore, in the case of a technology using a dongle, the cost of purchasing the dongle and the burden on the user such as the need to authenticate the dongle each time are large.

  In addition, in the technique using Cookie or the like, if an ID, a password, or the like is known to a malicious person, there is a risk that it will be used without the real user noticing.

  SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to provide a security system capable of improving security while considering a burden on a user when a Web service is provided by limiting information processing terminals to be used. .

  A security system according to a predetermined aspect of the present invention is a security system that controls access from an information processing terminal to a website that handles information related to a student, and includes a first identification for registering the information processing terminal in a server. Information and first password, setting means for setting second identification information and second password for accessing the server, and terminal for managing the information processing terminal together with the first identification information and the first password Registration request means for transmitting information from the information processing terminal to the server, issuing means for issuing terminal control information based on the terminal information, and registration means for registering the terminal control information in the server and the information processing terminal And terminal control information stored in the information processing terminal and terminal control information registered in the server. And when the collation by the collation means is successful, the second identification information and the second password input to the information processing terminal, and the second identification information and the second password set in the server are used. An authentication unit that performs an authentication process; and an access unit that accesses the Web site when authentication by the authentication unit is successful. Thereby, when a Web service is provided by limiting information processing terminals to be used, security can be improved while considering the burden on the user.

  Further, the issuing means may issue new terminal control information each time collation by the collating means is performed, and the registration means each time the terminal control information is issued by the issuing means. New terminal control information may be registered in the server and the information processing terminal. According to this preferable aspect, since the terminal control information is updated every time it is accessed, the security can be further improved.

  Further, the setting means sets a first time limit for registering the information processing terminal and a second time limit for permitting access from the information processing terminal, and the first time limit is greater than the second time limit. May be set shorter. According to this preferable aspect, by setting the registration period of the terminal to be used short, it is possible to prevent the terminal from being registered by an attacker later.

  Further, the information processing terminal may store the terminal control information in a storage in the web browser, for example, a local storage of HTML5. This preferred embodiment can facilitate the implementation of this system.

  The information processing terminal further includes a stopping unit that stops the use of the personal information from the information processing terminal, and the issuing unit receives the terminal control information of the information processing terminal whose use is stopped by the stopping unit. When collation is performed, the new terminal control information may not be issued. According to this preferable aspect, it is possible to prevent the terminal control information from being updated due to access from an attacker.

  According to the predetermined aspect of the present invention, when a Web service is provided by limiting information processing terminals to be used, security can be improved while considering the burden on the user.

It is a block diagram which shows an example of a structure of the security system in embodiment. It is a block diagram which shows an example of the hardware constitutions of the server in embodiment. It is a block diagram which shows an example of the hardware constitutions of the information processing terminal in embodiment. It is a block diagram which shows an example of the function structure of the server in embodiment. It is a block diagram which shows an example of a function structure of the information processing terminal in embodiment. It is a figure which shows an example of a terminal registration screen. It is a figure which shows an example of a login screen. It is a figure which shows an example of login information. It is a figure which shows an example of terminal registration information. It is a figure which shows an example of terminal related information. It is a figure which shows an example of terminal control information. It is a sequence diagram which shows an example of the account setting process of the security system in embodiment. It is a sequence diagram which shows an example of the registration process of the terminal control information of the security system in embodiment. It is a sequence diagram which shows an example of the user login process of the security system in embodiment. It is a sequence diagram which shows an example of the account stop process of the security system in embodiment. It is a sequence diagram which shows an example of the terminal stop process of the security system in an embodiment. It is a sequence diagram which shows an example of the fraud detection process after the unauthorized use of the security system in embodiment.

  Embodiments of the present invention will be described below with reference to the drawings. However, the embodiment described below is merely an example, and there is no intention to exclude various modifications and technical applications that are not explicitly described below. That is, the present invention can be implemented with various modifications without departing from the spirit of the present invention. In the following description of the drawings, the same or similar parts are denoted by the same or similar reference numerals. The drawings are schematic and do not necessarily match actual dimensions and ratios. In some cases, the dimensional relationships and ratios may be different between the drawings.

[Embodiment]
First, the security system described below is described by taking a security system applied to a school support system as an example, but is not limited to this example. In addition, although the information processing terminal demonstrated below is demonstrated taking a tablet terminal as an example, information processing apparatuses, such as PC (Personal Computer), are included.

  As an example of the school affairs support system to which the security system in the embodiment is applied, there is a Web service that collectively manages information related to students (for example, information related to school affairs) such as student grades. In this Web service, a school teacher accesses a Web site using an information processing terminal or the like and inputs personal information such as student grades. School students browse only their information by accessing a website provided by this web service using an information processing terminal.

  At this time, the security system in the embodiment limits the information processing terminals that can be used, so that when the information processing terminal is lost or stolen, highly confidential information (hereinafter also referred to as secret information) is stored. Prevent leakage. Hereinafter, a security system according to an embodiment of the present invention will be described with reference to the drawings.

<Security system configuration>
FIG. 1 is a block diagram illustrating an example of a configuration of a security system 1 according to the embodiment. In the example shown in FIG. 1, in the security system 1, a server 10 and information processing terminals 20 </ b> A and 20 </ b> B are connected via a network 30. The information processing terminal 20 is used when the individual information processing terminal 20A and the information processing terminal 20B are not distinguished. The security system 1 may include an authentication server (not shown).

  The server 10 provides a web service that handles confidential information (for example, personal information). The server 10 has a function of limiting the information processing terminals 20 that can use this Web service in order to prevent information leakage. For example, the server 10 enhances security by limiting terminals using terminal control information issued when registering the information processing terminal 20. Details of the function to increase security will be described later.

  The information processing terminal 20 can access the server 10 and use a Web service. At this time, the information processing terminal 20 transmits terminal information for terminal management to the server 10 together with the terminal registration ID and password set by the server 10 at the first access to the Web site. The server 10 registers terminal control information generated based on the terminal information, and limits the information processing terminal 20 using the terminal control information. Details of terminal limitation will be described later. After the information processing terminal 20 that uses the Web service is limited, an information processing terminal for which terminal control information is not registered cannot access the information processing terminal provided by this Web site.

<Hardware configuration>
Next, the hardware configuration of each device in the security system 1 will be described. FIG. 2 is a block diagram illustrating an example of a hardware configuration of the server 10 according to the embodiment. The server 10 illustrated in FIG. 2 includes, for example, a central processing unit (CPU) 102, a main memory 104, a BIOS-ROM 106, a storage device 108, a communication interface 110, and a system bus 112 that connects them.

  For example, the CPU 102 executes a program developed on the main memory 104 and causes the server 10 to realize various functions. In other words, the server 10 executes a program under the control of the CPU 102, thereby realizing the use of a website with restricted access. The BIOS-ROM 106 stores a program for hardware management and control of the server 10. The storage unit 108 stores programs and various data. The communication interface 110 is an interface that enables communication with the information processing terminal 20 and other devices.

  Next, a hardware configuration of the information processing terminal 20 used for the user to access the website will be described. FIG. 3 is a block diagram illustrating an example of a hardware configuration of the information processing terminal 20 in the embodiment. The information processing terminal 20 illustrated in FIG. 3 includes, for example, a CPU 202, a main memory 204, a BIOS-ROM 206, a storage unit 208, an audio output unit 210, a display unit 212, a communication interface 214, and an input unit 216. And a system bus 218 for connecting them.

  The functions of the CPU 202, main memory 204, BIOS-ROM 206, storage unit 208, and communication interface 214 are the same as the functions of the CPU 102, main memory 104, BIOS-ROM 106, storage unit 108, and communication interface 110 shown in FIG.

  The audio output unit 210 outputs various sounds processed under the control of the CPU 202. The display unit 212 displays various images processed under the control of the CPU 202. The input unit 216 is, for example, a touch panel for inputting user operations. The input unit 216 may input a user operation from a keyboard connected to the information processing terminal 20.

<Functional configuration>
Next, each functional configuration in the security system 1 will be described. First, the functional configuration of the server 10 will be described.

  FIG. 4 is a block diagram illustrating an example of a functional configuration of the server 10 in the embodiment. 4 includes, for example, a setting unit 302, a terminal control unit 304, a collation unit 306, a storage unit 308, an authentication unit 310, an issuing unit 312, a registration unit 314, and an updating unit 316. And stop means 318. The server 10 has functions for providing a Web service by executing the program PR1.

  The setting unit 302 can be realized by, for example, the CPU 102, the main memory 104, the program PR1, and the like. The setting means 302 includes an ID (first identification information) and a password (first password) for registering the information processing terminal 20 in the server 10, and an ID (second identification information) and a password (first password) for accessing the server 10. Set the second password. For example, the first identification information and the first password are data for terminal registration, and the second identification information and the second password are data for personal authentication.

  Further, the setting unit 302 sets a registration time limit (first time limit) for registering the information processing terminal 20 and an expiration date (second time limit) for permitting access from the information processing terminal 20. At this time, the setting unit 302 sets the registration time limit to be shorter than the expiration date. For example, the registration time limit is set to be within a predetermined period (for example, 5 days) after setting the ID and password, and the expiration date is set to, for example, one year after setting the ID and password.

  In addition, the setting unit 302 can limit the legitimate information processing terminals by setting the registration deadline short (for example, by setting the registration deadline to 2 days from the date of issue), thereby improving the security. This is because even if an attacker who has stolen terminal registration data at a later date tries to register his own terminal, the registration deadline has passed and the attacker's own terminal cannot be registered.

  The terminal control unit 304 can be realized by, for example, the CPU 102, the main memory 104, the communication interface 110, the program PR1, and the like. When the terminal control unit 304 receives a request for various screens of the website from the information processing terminal 20, the terminal control unit 304 returns responses of the various screens. For example, in response to the request, the terminal control unit 304 returns a login screen response or returns a terminal registration screen response at the first access.

  In addition, the terminal control unit 304 acquires terminal information input from the information processing terminal 20 using the terminal registration screen. The terminal information is used for generating terminal control information. The generated terminal control information is registered and stored in the information processing terminal 20 and the server 10.

  The verification unit 306 can be realized by, for example, the CPU 102, the main memory 104, the communication interface 110, the program PR1, and the like. The collating unit 306 collates the terminal control information stored in the information processing terminal 20 with the terminal control information registered in the server 10. When the collation is successful, the collation result is output to the authentication unit 310 and the issuing unit 312, and when the collation fails, the collation result is output to the issuing unit 312 or the stopping unit 318.

  The storage unit 308 can be realized by the storage unit 108 or the like, for example. The storage unit 308 stores information set by the setting unit 302 and information received from the information processing terminal 20. Information stored in the storage unit 308 will be described later with reference to FIGS.

  The authentication unit 310 can be realized by, for example, the CPU 102, the main memory 104, the communication interface 110, the program PR1, and the like. When the verification by the verification unit 306 is successful, the authentication unit 310 uses the second identification information and the second password input to the information processing terminal 20 and the second identification information and the second password set in the server 10. Perform authentication processing. The second identification information and the second password input to the information processing terminal 20 include the second identification information and the second password stored in the Web browser after the first input. The authentication unit 310 outputs the authentication result to the issuing unit 312.

  The issuing unit 312 can be realized by, for example, the CPU 102, the main memory 104, the program PR1, and the like. When the issuing unit 312 acquires the authentication result, the issuing unit 312 issues terminal control information based on the terminal information. For example, the issuing unit 312 generates terminal control information using a hash function that uses terminal information, update date and time as parameters, and the like. The update date / time refers to the latest date / time when the Web site was accessed. The terminal control information is, for example, a hash value. The generated terminal control information is output to the registration unit 314.

  Note that the issuing unit 312 reissues the terminal control information whenever there is an access from the information processing terminal 20 regardless of whether the authentication is successful. Further, the issuing unit 312 does not issue new terminal control information when the terminal control information of the information processing terminal whose use is stopped by the stop unit 318 described later is collated. This is to prevent the terminal control information from being updated due to unauthorized access.

  The registration unit 314 can be realized by, for example, the CPU 102, the main memory 104, the communication interface 110, the program PR1, and the like. The registration unit 314 registers the terminal control information issued by the issuing unit 312 in the server 10 and the information processing terminal 20. For example, the registration unit 314 stores the issued terminal control information in the storage unit 308 and transmits the terminal control information to the information processing terminal 20 in order to register it in the information processing terminal 20.

  The update unit 316 can be realized by, for example, the CPU 102, the main memory 104, the program PR1, and the like. The updating unit 316 updates the terminal related information stored in the storage unit 308 when the terminal control information is reissued by the issuing unit 312. The terminal related information refers to information related to the terminal such as terminal information received from the information processing terminal 20, update date and time, and terminal control information.

  The stopping unit 318 can be realized by, for example, the CPU 102, the main memory 104, the program PR1, and the like. When the use stop of the information processing terminal 20 is instructed, the stop unit 318 stops using the Web service from the information processing terminal 20. Further, when the operator of the server 10 receives a use stop instruction from the user of the information processing terminal 20, the stop unit 318 stops using the predetermined information processing terminal 20 based on the operation of the operator. . The stopping unit 318 may record an unauthorized access log.

  Next, the functional configuration of the information processing terminal 20 in the security system 1 will be described. FIG. 5 is a block diagram illustrating an example of a functional configuration of the information processing terminal 20 in the embodiment. The information processing terminal 20 illustrated in FIG. 5 includes, for example, a registration request unit 402, a display unit 404, a login unit 406, a registration unit 408, an access unit 410, and a storage unit 412. The information processing terminal 20 has each function for accessing a Web site by executing the program PR2.

  The registration request unit 402 can be realized by, for example, the CPU 202, the main memory 204, the communication interface 214, the program PR2, and the like. The registration request unit 402 makes a request for a login screen and a terminal registration screen at the first time in order to access a Web site by a user operation. When the registration request unit 402 receives a response of the login screen or the terminal registration screen, the registration request unit 402 outputs information indicating the screen to the display unit 404. Also, the registration request unit 402 transmits terminal information for managing the information processing terminal 20 to the server 10 together with the first identification information and the first password.

  The display unit 404 can be realized by the display unit 212 or the like, for example. The display unit 404 displays the login screen or the terminal registration screen when receiving a response of the login screen or the terminal registration screen from the server 10.

  The login unit 406 can be realized by the CPU 202, the main memory 204, the communication interface 214, the program PR2, and the like, for example. The second identification information and the second password for personal authentication input from the login screen are transmitted to the server 10. When the second identification information and the second password are stored in the Web browser, the login unit 406 transmits the stored second identification information and the second password to the server 10.

  The registration unit 408 can be realized by, for example, the CPU 202, the main memory 204, the communication interface 214, the program PR2, and the like. The registration unit 408 stores the terminal control information received from the server 10 in the storage unit 412. In addition, the registration unit 408 updates the terminal control information stored in the storage unit 412 every time the terminal control information is received from the server 10.

  The access unit 410 can be realized by, for example, the CPU 202, the main memory 204, the communication interface 214, the program PR2, and the like. When the authentication by the authentication unit 310 of the server 10 is successful, the access unit 410 accesses the website via the communication interface 214 and the communication interface 110. Further, the information processing terminal 20 that has succeeded in authentication can add, delete, and update information by using this Web service.

  The storage unit 412 can be realized by the storage unit 208 or the like, for example. The storage unit 412 stores terminal control information issued by the server 10. The storage unit 412 is, for example, a storage in the Web browser, specifically, an HTML5 local storage.

  The security system 1 having the above functions can limit the information processing terminals 20 that use the Web service using the terminal control information. That is, a user who uses the information processing terminal 20 may limit the information processing terminal 20 by inputting the terminal registration ID and password and terminal management terminal information on the terminal registration screen at the first access. it can. Moreover, since the terminal information can use the same information as the information which manages the information processing terminal 20 as hardware on the school side, it becomes easy to manage the information processing terminal 20.

  In addition, regarding the loss or misplacement of the information processing terminal 20, when the loss or misplacement is detected, the same terminal information as the information managed by the school is notified to the service operating company, so that the information processing terminal 20 that has been lost or misplaced The use of the Web service can be stopped.

  Further, in the same way as the loss / placement of theft damage, by notifying the service management company of the terminal information, the use of the Web service from the information processing terminal 20 that has been lost / placed can be stopped.

  In addition, when infected with a virus pretending to be a designated terminal, it becomes possible to access the Web site from another unauthorized terminal. At this time, the terminal control information is updated by access from another terminal. Therefore, when a legitimate terminal accesses this Web site, the terminal control information before update is used, so that access cannot be made.

  However, at this point, a user who uses a legitimate terminal can know that unauthorized access is being performed without his knowledge, and may notify the service management company of suspension of use. Therefore, a legitimate user can discover the presence of unauthorized access at an early stage.

<Screen example>
Next, an example of a screen displayed on the information processing terminal 20 will be described. FIG. 6 is a diagram illustrating an example of a terminal registration screen. The terminal registration screen 502 shown in FIG. 6 includes fields for entering a school ID, a school password, and terminal information. The school ID corresponds to the first identification information, and the school password corresponds to the first password. The school ID and the school password are set by the server 10 and notified from the service management company to the school side in advance.

  As the terminal information, a terminal management number or the like managed by the information processing terminal 20 in the school may be input. Since the terminal information can use not the IP address or the like but the number used for management on the school side, the school side can easily manage the terminal number.

  Note that the terminal registration screen 502 shown in FIG. 6 is a screen displayed at the first login. Once the terminal information is registered in the server 10, this terminal registration screen 502 is not displayed.

  FIG. 7 is a diagram illustrating an example of a login screen. A login screen 602 illustrated in FIG. 7 is a login screen displayed before the user accesses the Web service. The login screen 602 includes fields for inputting a login ID and a password. The login ID corresponds to the second identification information, and the password corresponds to the second password. The login ID and password are set by the server 10, and may be notified from the service management company to the school in advance, for example, and the notification method is not particularly limited.

  The display unit 404 displays a terminal registration screen 502 at the first access, and displays a login screen 602 before the user accesses the website.

<Various information>
Next, various information used in the security system 1 in the embodiment will be described. Various information described below is merely an example, and for example, the information illustrated in FIGS. 8 to 10 may be stored in an integrated form.

  FIG. 8 is a diagram illustrating an example of login information. As shown in FIG. 8, the login information includes a personal ID and a personal password. The personal ID is a login ID and second identification information, and the personal password is a password at the time of login and a second password. The personal ID and the personal password are given to each user (for example, teacher or student). The login information illustrated in FIG. 8 is stored in the storage unit 308.

  FIG. 9 is a diagram illustrating an example of terminal registration information. The terminal registration information illustrated in FIG. 9 includes a terminal ID, a password, a registration time limit, an expiration date, and a school code. The terminal ID shown in FIG. 9 is first identification information, and the password is the first password.

  The registration time limit is a time limit for registering terminal information. When this registration time limit has passed, the server 10 performs control so that the terminal information cannot be registered. The expiration date represents a time limit for permitting access by the user. When this expiration date has passed, the server 10 performs control so that even the legitimate information processing terminal 20 is not accessible. The school code is a code managed on the server side. When the security system 1 according to the embodiment is applied to a system other than the school support system, the school code may be a company code, for example. The terminal registration information shown in FIG. 9 is stored in the storage unit 308.

  FIG. 10 is a diagram illustrating an example of terminal-related information. The terminal related information illustrated in FIG. 10 includes a terminal ID, terminal control information, terminal information, an update date and time, and a deletion flag. The terminal ID shown in FIG. 10 shows the same example as the terminal ID shown in FIG. In the terminal registration information shown in FIG. 9, the terminal ID is a primary key, and in the terminal related information shown in FIG. 10, the terminal ID and the terminal control information are primary keys.

  The terminal control information is generated by the issuing unit 312 and updated every time it is accessed from the information processing terminal 20. The terminal information is information for managing the information processing terminal 20 and is information received from the information processing terminal 20. The update date / time is the latest date / time when the website was successfully accessed or the date / time when the terminal control information was last updated. The deletion flag is a flag for stopping the use of the Web service. The deletion flag is set by the stop unit 318. The terminal related information shown in FIG. 10 is stored in the storage unit 308.

  FIG. 11 is a diagram illustrating an example of terminal control information. The terminal control information shown in FIG. 11 shows an example different from the terminal control information shown in FIG. 10, but is the same as the terminal control information shown in FIG. 10 as long as the information processing terminal 20 is legitimately used. . The terminal control information shown in FIG. 11 is stored in, for example, a local storage of HTML5 used in the web browser of the information processing terminal 20.

  The reason for storing the terminal control information in the local storage is that information can be stored and read out from the information processing terminal 20 of the user during Web browsing. The service operating company may construct a Web system having a function capable of registering information in the local storage of HTML5 and a function capable of reading information from the local storage. Note that HTML5 local storage differs from Cookie in that there is no storage deadline and the storage capacity is not too small.

<Operation>
Next, the operation of the security system 1 in the embodiment will be described using specific information for each case.

《Account setting process》
FIG. 12 is a sequence diagram illustrating an example of account setting processing of the security system 1 in the embodiment. In step 102 shown in FIG. 12, the user makes an account use request to the operator of the service operating company. This request for use may be made by e-mail or telephone.

In step S <b> 104, the entity (setting unit 302) performs processing for setting personal ID and personal password login information based on an operation by the operator. For example, the set login information is as follows.
・ Personal ID: S0001-S0200
-Password: abcd1234

In step S106, the entity (setting unit 302) performs terminal registration and password setting processing for terminal registration based on an operation by the operator. At this time, the setting unit 302 sets the expiration date of the personal ID and personal password and the registration time limit of the information processing terminal using the terminal ID and password. For example, the information set by the setting unit 302 is as follows. The account use request date is April 4, 2014. Schools often request account use at the beginning of the year.
-Terminal ID: C0001
-Password: 123abcd
・ Registration deadline: 2014/04/10 15:00: 00
・ Expiration date: 2015/03/31 23:59:59
・ School code: 12345

  In step S108, the operator notifies the user of the set personal ID and personal password by e-mail or mail. Thereby, the login information and the terminal information used by the user can be shared between the server 10 and the information processing apparatus 20. In addition, when there is an account use request from the organization, the operator may contact the organization collectively with the personal ID of each user included in the organization.

<< Terminal control information registration process >>
FIG. 13 is a sequence diagram illustrating an example of terminal control information registration processing of the security system 1 according to the embodiment. In step S202 shown in FIG. 13, the information processing terminal 20 receives the URL of the website from the user. At this time, according to the browser specification, even if there is data in the local storage of the Web browser, this data is not communicated.

  In step S <b> 204, the registration request unit 402 of the information processing terminal 20 transmits an HTTP (S) request to the server 10.

  In step S206, the process (terminal control unit 304) receives the HTTP (S) request and makes a terminal control determination for the service.

  In step S208, the service returns a login screen response because there is no local storage data.

  In step S <b> 210, the process (terminal control unit 304) returns a login screen response to the information processing terminal 20.

  In step S212, the registration request unit 402 of the information processing terminal 20 confirms whether the terminal control information is stored in the local storage. In this case, since the terminal control information is not stored in the local storage, the registration request unit 402 requests a terminal registration screen.

  In step S <b> 214, the registration request unit 402 transmits an HTTP (S) request to the server 10 in order to request the server 10 for a terminal registration screen.

  In step S216, the process (terminal control unit 304) returns a response of the terminal registration screen to the HTTP (S) request.

  In step S218, the display unit 404 receives the response from the server 10 and displays a terminal registration screen.

In step S220, the registration request unit 402 acquires the terminal ID, password, and terminal information input by the user, and requests registration of terminal information. Here, the input information is as follows.
-Terminal ID: C0001
-Password: 123abcd
・ Terminal information: PC8901
-Update date / time (access date / time): 2014/04/09 10:00: 00
Here, since it is the time of the first access, the terminal control information is not stored in the local storage.

  In step S222, the registration request unit 402 transmits the acquired information to the server 10 as an HTTP (S) request.

  In step S224, the process (terminal control unit 304) requests the service to check the input information.

In step S226, the service determines whether the input terminal ID and password match the set terminal ID and password, and whether the access date and time is within the registration time limit. The service stores the terminal information in the database (storage unit 308) if the terminal ID and password match and the access date / time is within the registration deadline. The terminal related information at this stage is as follows.
-Terminal ID: C0001
-Terminal control information:-
・ Terminal information: PC8901
-Update date / time (access date / time): 2014/04/09 10:00: 00
-Deletion flag:-

  In step S228, the entity notifies the service that the terminal information has been registered in the database.

  In step S230, the service (issuing means 312) issues terminal control information based on the registered terminal information. For example, the issuing unit 312 generates a hash value from the school code, the terminal information, the terminal ID, and the update date and time, and uses the hash value as terminal control information. Here, the school code and the terminal information are unique in the organization, the terminal ID is unique in the beta base, and the update date varies with each access. Also, the terminal control information generated at this stage is 649a74... B8. The service (registration means 314) outputs the issued terminal control information to the process so that the information processing terminal 20 registers it.

In step S232, the service (registration unit 314) registers the issued terminal control information in the entity (storage unit 308). At this time, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 649a74 ... b8
・ Terminal information: PC8901
-Update date / time (access date / time): 2014/04/09 10:00: 00
-Deletion flag:-

  In step S234, the process returns a registration completion response. At this time, the process returns the terminal control information together with the response.

In step S236, the registration unit 408 of the information processing terminal 20 registers the terminal control information in the local storage of HTML5. At this time, the terminal control information stored in the local storage is as follows.
Terminal control information: 649a74 ... b8

  In step S238, the display unit 404 of the information processing terminal 20 displays a terminal registration completion screen. Thus, the user can know that the terminal information has been properly registered.

<< User login process >>
FIG. 14 is a sequence diagram illustrating an example of a user login process of the security system 1 according to the embodiment. The process shown in FIG. 14 is a process that follows the process of FIG. Steps S302 to S310 shown in FIG. 14 are the same as steps S202 to S210 shown in FIG.

  In steps S312 and S314, the registration request unit 402 of the information processing terminal 20 confirms whether the terminal control information is stored in the local storage. In this case, since the terminal control information is stored in the local storage, the display unit 404 displays a login screen.

  In step S316, the login unit 406 acquires the personal ID and password input from the user or acquired from the browser, and performs login processing.

  In step S318, the login unit 406 reads the terminal control information stored in the local storage.

In step S320, the login unit 406 transmits an HTTP (S) request including the acquired information to the server 20. At this time, the information to be transmitted is as follows.
・ Personal ID: S0001
・ Personal password: abcd1234
Terminal control information: 649a74 ... b8

  In step S322, the process requests the service to check the input of the acquired information.

In step S324, the service (collation unit 306) confirms the terminal control information. For example, the collation unit 306 confirms whether the acquired terminal control information matches the terminal control information included in the terminal related information. At this time, the latest access date (update date) is registered in the database and updated. At this time, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 649a74 ... b8
・ Terminal information: PC8901
・ Update date / time (access date / time): 2014/04/11 10:10:00
-Deletion flag:-

  In step S326, the service (collation unit 306) has the entity notify the confirmation result of the terminal control information.

  In step S328, the service (issuing means 312) reissues the terminal control information based on the updated terminal related information, and notifies the process of the reissued terminal control information. The service (issuing unit 312) reissues the terminal control information regardless of the collation result by the collating unit 306. The reissued terminal control information is bec8b9... E6.

In step S330, the service (registration unit 314) registers the reissued terminal control information in the database (storage unit 308). At this time, the terminal related information is as follows. The update date and time used for updating the terminal control information may be updated by registering the update date and time together with the registration of the terminal control information, not during the processing in step S324.
-Terminal ID: C0001
Terminal control information: bec8b9 ... e6
・ Terminal information: PC8901
・ Update date / time (access date / time): 2014/04/11 10:10:00
-Deletion flag:-

  In step S332, the process instructs the service to perform login processing based on the acquired personal ID and personal password.

  In steps S334 and S336, the service (authentication unit 310) compares the personal ID and personal password acquired from the information processing terminal 20 with the login information stored in the database (storage unit 308), and performs authentication processing.

  In step S338, the service (authentication unit 310) outputs an authentication result to the process. Here, the authentication result is authentication success.

  In step S340, the process returns a response indicating completion of registration. At this time, the process returns the updated terminal control information together with the response.

In step S342, the registration unit 408 of the information processing terminal 20 registers the terminal control information in the local storage of HTML5. At this time, the terminal control information stored in the local storage is as follows.
Terminal control information: bec8b9 ... e6

  In step S344, the display unit 404 of the information processing terminal 20 displays the screen of the Web site after login. Thereby, the access means 410 starts access to the Web site. By performing the above processing, the security system 1 limits the terminal by performing verification using terminal control information that is changed for each access, and performs identity verification by authenticating with the personal ID and personal password. Can do and double security.

《Account suspension process》
FIG. 15 is a sequence diagram illustrating an example of account suspension processing of the security system 1 according to the embodiment. In step S402 shown in FIG. 15, the user makes an account stop request to the operator of the service operating company. This stop request may be made by e-mail or telephone.

  In step S404, the entity (stop unit 318) stops the user's account based on the operation by the operator. For example, the stopping unit 318 sets a deletion flag on the set login information.

  In step S406, the operator notifies the user that the account of the user who has received the stop request has been stopped by e-mail or mail. Thereby, it is possible to delete only a user account such as a graduate.

  In the following, a process for canceling a contract in units of organizations (for example, schools) will be described. In step S408, the organization makes an account stop request to the operator of the service operating company. This stop request may be made by e-mail or telephone.

  In step S410, the entity (stop unit 318) stops all user accounts assigned to the organization based on the operation by the operator. For example, the stopping unit 318 sets a deletion flag on the set login information.

  In step S412, the entity (stopping means 318) deletes all terminal registration information and terminal related information associated with the organization based on the operation by the operator.

  In step S414, the operator notifies the user that the organization that received the suspension request has been suspended by e-mail or mail. Thereby, the use of the organization itself can be stopped.

<Terminal stop processing>
FIG. 16 is a sequence diagram illustrating an example of a terminal stop process of the security system 1 according to the embodiment. The process shown in FIG. 16 is a process that follows the process shown in FIG.

  In step S502 shown in FIG. 16, since the user has lost the information processing terminal 20, the user requests the operator of the service operating company to stop the information processing terminal. At this time, the operator is informed of the terminal information of the lost information processing terminal 20.

In step S504, the entity (stopping means 318) stops using the information processing terminal 20 managed by the terminal information based on the terminal information taught by the user based on the operation by the operator. For example, the stop unit 318 sets a flag indicating the stop of use in the deletion flag associated with the terminal information. At this time, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 649a74 ... b8
・ Terminal information: PC8901
-Update date / time (access date / time): 2014/04/09 10:00: 00
-Deletion flag: Use suspended

  In step S <b> 506, the operator notifies the user that the use from the information processing terminal 20 managed by the terminal information for which the stop request is received is stopped by e-mail or mail. As a result, the Web site cannot be accessed from the information processing terminal 20 whose use has been stopped.

  In step S508, the service checks the access log based on the operation by the operator.

  In step S510, the login unit 406 acquires a personal ID and a personal password input from the attacker and performs a login process.

  In step S512, the login unit 406 reads terminal control information stored in the local storage.

In step S514, the login unit 406 transmits an HTTP (S) request including the acquired information to the server 20. At this time, it is assumed that the legitimate personal ID and personal password have been stolen by the attacker. The information to be transmitted is as follows.
・ Personal ID: S0001
・ Personal password: abcd1234
Terminal control information: 649a74 ... b8

  In step S516, the process requests the service to check the input of the acquired information.

In steps S518 and S520, the service (collation unit 306) confirms the terminal control information. For example, the collation unit 306 confirms whether the acquired terminal control information matches the terminal control information included in the terminal related information. The verification unit 306 returns a response indicating that the terminal control information cannot be used because the deletion flag related to the terminal control information indicates that the use is stopped. If it is not available, the database is not updated at all. That is, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 649a74 ... b8
・ Terminal information: PC8901
-Update date / time (access date / time): 2014/04/09 10:00: 00
-Deletion flag: Use suspended

  In step S522, since the service cannot be used by the terminal and is unauthorized access, a monitoring log is output and a response is returned. Thereby, the process can record the log information of unauthorized access in detail. The unauthorized access log is, for example, an access source IP address, access date and time, and the like.

  In step S524, the process returns a completion response to the information processing terminal 20 together with information indicating that the terminal cannot be used.

  In step S526, the display unit 404 of the information processing terminal 20 displays a terminal registration screen in order not to give the attacker information such as the wrong personal ID or the terminal being controlled.

  At this time, even if the attacker obtains the terminal ID or password from the past log or the like, in most cases, the terminal registration deadline has passed, so the attacker's information processing terminal 20 cannot be registered.

  As a result, the attacker cannot access the Web site. Further, by allowing an attacker to perform further access, log information of unauthorized access can be increased.

《Unauthorized processing after unauthorized use》
FIG. 17 is a sequence diagram illustrating an example of fraud detection processing after unauthorized use of the security system 1 in the embodiment. The process shown in FIG. 17 is a process that follows the process shown in FIG.

In step S602 illustrated in FIG. 17, it is assumed that the attacker has accessed the legitimate information processing terminal 20A and stole the terminal control information, the personal ID, and the personal password. The stolen information is as follows.
・ Personal ID: S0001
・ Personal password: abcd1234
Terminal control information: 649a74 ... b8

  In step S604, the attacker sets the stolen terminal control information in the local stage of his / her information processing terminal 20C.

  In step S606, the attacker performs user login. Step S606 is the same as the processing from steps S302 to S314 shown in FIG.

  In step S608, the information processing terminal 20C reads the terminal control information stored in the local storage.

In step S610, the information processing terminal 20C transmits an HTTP (S) request including the acquired information to the server 20. At this time, the information to be transmitted is as follows.
・ Personal ID: S0001
・ Personal password: abcd1234
Terminal control information: 649a74 ... b8

  In step S612, the process requests the service to check the acquired information.

In step S614, the service (collation unit 306) confirms the terminal control information. For example, the collation unit 306 confirms whether the acquired terminal control information matches the terminal control information included in the terminal related information. At this time, the latest access date (update date) is registered in the database and updated. At this time, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 649a74 ... b8
・ Terminal information: PC8901
・ Update date / time (access date / time): 2014/04/13 15: 10:00
-Deletion flag:-

  In step S616, the service (collation unit 306) receives a confirmation result of the terminal control information from the entity.

  In step S618, the service (issuing means 312) reissues the terminal control information based on the updated terminal related information, and notifies the process of the reissued terminal control information. The service (issuing unit 312) reissues the terminal control information regardless of the collation result by the collating unit 306. The reissued terminal control information is 54hg8jk... 6y.

In step S620, the service (registration unit 314) registers and updates the reissued terminal control information in the database (storage unit 308). At this time, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 54hg8jk ... 6y
・ Terminal information: PC8901
・ Update date / time (access date / time): 2014/04/13 15: 10:00
-Deletion flag:-

  Here, it is assumed that the login process S332 to S338 shown in FIG. 14 is performed and the authentication is successful.

  In step S622, the process returns an authentication completion response. At this time, the process returns the updated terminal control information together with the response.

In step S624, the information processing terminal 20C registers the terminal control information in the local storage of HTML5. At this time, the terminal control information stored in the local storage is as follows.
Terminal control information: 54hg8jk ... 6y

  In step S626, information processing terminal 20C displays the screen of the website after login.

  In step S628, the authorized user performs user login using the authorized information processing terminal 20A. Step S628 is the same as the processing from steps S302 to S314 shown in FIG.

  In step S630, the information processing terminal 20A reads the terminal control information stored in the local storage. Here, the terminal control information read is 649a74... B8.

In step S632, the information processing terminal 20A transmits an HTTP (S) request including the acquired information to the server 20. At this time, the information to be transmitted is as follows.
・ Personal ID: S0001
・ Personal password: abcd1234
Terminal control information: 649a74 ... b8

  In step S634, the process requests the service to check the input of the acquired information.

  In step S636, the service (collation unit 306) confirms the terminal control information. For example, the collation unit 306 confirms whether the acquired terminal control information matches the terminal control information included in the terminal related information. Here, the collation result includes a result that matches, does not match, or matches past terminal control information. The storage unit 308 stores a predetermined number of terminal control information in the past. The collation result here matches the past terminal control information.

  In step S638, the collating unit 306 refers to the collation result and recognizes that the transmitted terminal control information is terminal control information set in the past. At this time, since only the legitimate information processing terminal can know the past legitimate terminal control information, the server 10 senses that the latest terminal control information has been updated by the unauthorized information processing terminal. be able to.

  In step S640, the service outputs a monitoring log indicating that the terminal control information is old. In addition, the service records a log such as an update date and time corresponding to the terminal information PC 8901 as unauthorized access log information.

In step S642, the service (stop unit 318) sets a deletion flag associated with the terminal information PC 8901 in order to stop using the terminal information PC 8901. At this time, the terminal related information is as follows.
-Terminal ID: C0001
Terminal control information: 54hg8jk ... 6y
・ Terminal information: PC8901
・ Update date / time (access date / time): 2014/04/13 15: 10:00
-Deletion flag: use stop As a result, even if an unauthorized information processing terminal 20C accesses the server 10 after the update date and time, this Web service cannot be used. Note that the order of steps S640 and S642 does not matter.

  In step S644, the process returns a response including the possibility of unauthorized access to the information processing terminal 20A.

  In step S646, information processing terminal 20A displays an alarm screen indicating that there is a possibility of unauthorized access. As a result, a legitimate user can know the presence of unauthorized access.

  As described above, according to the embodiment, when a Web service is provided by limiting information processing terminals to be used, it is possible to improve security while considering the burden on the user. In addition, since common terminal control information that is updated each time the information processing terminal 20 and the server 10 are accessed is used, if the terminal control information does not match, the server 10 can know the presence of unauthorized access. It is possible to notify a legitimate user of the presence of unauthorized access.

  In addition, regarding the loss or misplacement of the information processing terminal 20, when the loss or misplacement is detected, the same terminal information as the information managed by the school is notified to the service operating company, so that the information processing terminal 20 that has been lost or misplaced The use of the Web service can be stopped.

  Further, in the same way as the loss / placement of theft damage, by notifying the service management company of the terminal information, the use of the Web service from the information processing terminal 20 that has been lost / placed can be stopped.

  In addition, when infected with a virus pretending to be a designated terminal, it becomes possible to access the Web site from another unauthorized terminal. At this time, the terminal control information is updated by access from another terminal. Therefore, when a legitimate terminal accesses this Web site, the terminal control information before update is used, so that access cannot be made.

  However, at this point, a user who uses a legitimate terminal can know that unauthorized access is being performed without his knowledge, and may notify the service management company of suspension of use. Therefore, a legitimate user can discover the presence of unauthorized access at an early stage.

[Modification]
As mentioned above, although embodiment of the technique which this application discloses was described, the technique which this application discloses is not limited above.

  The security system in the embodiment can be applied to a system that provides a Web service that handles highly confidential information. For example, the security system can be applied when an insurance company gives a sales employee an information processing terminal and the sales employee accesses a website from the information processing terminal to view or update information. Moreover, although demonstrated using the school affairs support system as an example of the security system in embodiment, it is applicable also as a student support system in a cram school, for example. In this case, the security system may be applied when accessing information related to the student such as the grade of the cram school from the information processing terminal 20.

  In addition, the verification unit 306 and / or the authentication unit 310 described in the embodiment may be included in an authentication server (not illustrated) connected to the server 10 or may be included in the information processing terminal 20.

1 Security System 10 Server 20 Information Processing Terminals 102, 202 CPU
104, 204 Main memory 108, 208 Storage unit 302 Setting unit 304 Terminal control unit 306 Verification unit 308 Storage unit 310 Authentication unit 312 Issuing unit 314 Registration unit 316 Updating unit 318 Stopping unit 402 Registration request unit 404 Display unit 406 Login unit 408 Registration Means 410 Access means 412 Storage means

Claims (6)

A security system for controlling access from an information processing terminal to a Web site that handles information related to students, wherein the first identification information and a first password for registering the information processing terminal in a server, and access to the server Setting means for setting second identification information and a second password for
Registration request means for transmitting terminal information for managing the information processing terminal together with the first identification information and the first password from the information processing terminal to the server;
Issuing means for issuing terminal control information based on the terminal information;
Registration means for registering the terminal control information in the server and the information processing terminal;
Collating means for collating terminal control information stored in the information processing terminal and terminal control information registered in the server;
Authentication in which authentication processing is performed using the second identification information and the second password input to the information processing terminal and the second identification information and the second password set in the server when the verification by the verification unit is successful. Means,
An access means for accessing the Web site when the authentication by the authentication means is successful;
Security system with The issuing means includes:
Each time collation by the collation means is performed, new terminal control information is issued,
The registration means includes
The security system according to claim 1, wherein each time terminal control information is issued by the issuing means, the new terminal control information is registered in the server and the information processing terminal. The setting means includes
Setting a first time limit for registering the information processing terminal and a second time limit for permitting access from the information processing terminal;
The security system according to claim 1, wherein the first deadline is shorter than the second deadline. The information processing terminal
The security system according to any one of claims 1 to 3, wherein the terminal control information is stored in a storage in a web browser.   The security system according to claim 4, wherein the storage is an HTML5 local storage. And further comprising stop means for stopping the use of personal information from the information processing terminal,
The issuing means includes:
The security system according to claim 2 , wherein when the terminal control information of the information processing terminal whose use is stopped by the stopping unit is verified by the verification unit, the new terminal control information is not issued.