JP7197997B2 - Access control device and program - Google Patents

Description

The present invention relates to technology for controlling the occurrence of timeouts.

In a communication system that employs single sign-on authentication, a single client authentication allows the client to access a plurality of predetermined systems. Further, in the communication system, a timeout may occur at a predetermined timing in order to prevent fraudulent impersonation after the client is authenticated. For example, Patent Document 1 discloses an image forming system that employs single sign-on.

JP 2011-248697 A

If the time until timeout occurs (hereinafter referred to as "timeout time") is lengthened, the security function of the communication system may deteriorate. Therefore, it is required to suppress the occurrence of security problems caused by setting the timeout period.

Accordingly, one of the objects of the present invention is to suppress the occurrence of security problems caused by setting a timeout period.

As an embodiment of the present invention, when a first access is accepted from a client, a timeout is generated if a first time has elapsed since the last access to the system relayed to the first access, and a second Provided is an access control device that, when access is accepted, generates a time-out when a non-operating time for the self device has passed a second time shorter than the first time.

In the above access control device, when a third access is accepted from the client, a timeout occurs after a third time period of non-operation for the device is longer than the second time period and shorter than the first time period. You may let

In the above access control device, the first access may be directed to the first system, and the second access may be directed to the second system.

In the above access control device, the first access may include a first identifier of the client, and the second access may include a second identifier of the client.

As an embodiment of the present invention, when the timeout period of the authentication device has passed since the last access to the authentication device that authenticates the client, and from the time of the last access to the system to which the access from the client is relayed Provided is an access control device that generates a timeout when the timeout time of the system has passed.

In the above access control device, the timeout period may be varied according to the system of the relay destination.

As an embodiment of the present invention, when a first access is received from a client, a computer generates a timeout if a first time has passed since the last access to a relay destination system of the first access. and a program for executing a process of generating a time-out when a second access is accepted and a non-operating time for its own device has passed a second time shorter than the first time.

As an embodiment of the present invention, when the timeout period of the authentication device for authenticating the client has passed since the last access to the authentication device for authenticating the client, and when the last access to the relay destination system of the access from the client A program for executing a process that generates a timeout when the timeout period of the system has passed from.

According to the invention of the present application, it is possible to suppress the occurrence of security problems caused by the setting of the timeout period.

1 is a block diagram showing the overall configuration of a communication system according to a first embodiment of the present invention; FIG. 1 is a block diagram showing the configuration of an access control device according to a first embodiment of the present invention; FIG. It is a figure which shows the structure of the table which concerns on 1st Embodiment of this invention. 4 is a flow chart showing processing related to table management performed by the access control device according to the first embodiment of the present invention. 4 is a flow chart showing processing related to client authentication performed by the access control device according to the first embodiment of the present invention. It is a figure which shows an example of a structure of the table which concerns on 1st Embodiment of this invention. 4 is a flow chart showing access control performed after the access control device according to the first embodiment of the present invention authenticates a client; It is a figure which shows an example of a structure of the table which concerns on 1st Embodiment of this invention. It is a figure which shows an example of a structure of the table which concerns on 1st Embodiment of this invention. It is a figure which shows an example of a structure of the table which concerns on 1st Embodiment of this invention. FIG. 4 is a diagram illustrating a specific example of processing performed by the access control device according to the first embodiment of the present invention; It is a figure which shows the structure of the table based on 2nd Embodiment of this invention. 9 is a flow chart showing processing related to table management performed by the access control device according to the second embodiment of the present invention. FIG. 10 is a flow chart showing access control performed after the access control apparatus according to the second embodiment of the present invention authenticates a client; FIG. It is a figure which shows an example of a structure of the table based on 2nd Embodiment of this invention. It is a figure which shows an example of a structure of the table based on 2nd Embodiment of this invention. FIG. 11 is a block diagram showing the overall configuration of a communication system according to a third embodiment of the present invention; FIG. FIG. 11 is a block diagram showing the configuration of an access control device according to a third embodiment of the present invention; FIG. It is a figure which shows the structure of the table based on 3rd Embodiment of this invention. FIG. 11 is a flow chart showing processing performed by an access control device according to a third embodiment of the present invention; FIG. It is a sequence chart which shows an example of the process performed by the communication system which concerns on 3rd Embodiment of this invention. It is a sequence chart which shows an example of the process performed by the communication system which concerns on 3rd Embodiment of this invention. It is a sequence chart which shows an example of the process performed by the communication system which concerns on 3rd Embodiment of this invention. It is a sequence chart which shows an example of the process performed by the communication system which concerns on 3rd Embodiment of this invention. 1 is a block diagram showing an example of the overall configuration of a communication system employing single sign-on; FIG. 4 is a sequence chart showing an example of processing executed in a communication system employing single sign-on; 4 is a sequence chart showing an example of processing executed in a communication system employing single sign-on; 4 is a sequence chart showing an example of processing executed in a communication system employing single sign-on; 4 is a sequence chart showing an example of processing executed in a communication system employing single sign-on;

Hereinafter, modes for carrying out the present invention will be described as several embodiments. It should be noted that the present invention can be carried out by variously modifying these embodiments. Therefore, the present invention should not be construed as being limited to these embodiments. In the following description, communication delay and processing delay are not taken into account for the sake of clarity.

[Issues of communication systems adopting single sign-on]
In order to facilitate understanding of the present invention, first, problems of a communication system employing single sign-on will be described.

FIG. 25 is a block diagram showing an example of the overall configuration of a communication system 9 that employs single sign-on. The communication system 9 includes an authentication device 90 , a first system 20A, a second system 20B, and multiple clients 30 .

The authentication device 90 authenticates the client 30 according to the reverse proxy method. That is, upon receiving access from the client 30 , the authentication device 90 performs authentication processing for confirming the legitimacy of the client 30 . Authentication device 90 relays access from authenticated client 30 to first system 20A and second system 20B. When receiving access from the client 30, the authentication device 90 does not perform the authentication process if the elapsed time from the last access date and time of the client 30 is less than the timeout period. Generate a timeout and request re-authentication.

The timeout period of each system included in this type of communication system is often the same (for example, 15 minutes). If the timeout period can be individually set in consideration of the security functions required for each system, it is possible to expect an effect of enhancing user convenience while ensuring the security functions. However, the inventors found that simply changing the setting of the timeout time causes the following (problem 1), (problem 2), and (problem 3). Hereinafter, (problem 1), (problem 2), and (problem 3) will be described with a timeout time of 5 minutes for the first system 20A and a timeout time of 15 minutes for the second system 20B.

(Problem 1) Case where the timeout time of the authentication device 90 is set to 5 minutes FIG. When the authentication device 90 receives an access from the client 30 at the access date and time “2018/03/01 10:00:00” (that is, 10:00:00 on March 1, 2018) (step S301), Authentication processing is performed (step S302). After authenticating the client 30, the authentication device 90 updates the last access date and time of the client 30 to "2018/03/01 10:00:00" (step S303). Note that the authentication device 90 measures the time using a timer, and records the last access date and time based on the time. The authentication device 90 transmits to the client 30 the top screen that is displayed first when the login to the authentication device 90 is permitted (step S304).

After that, when the authentication device 90 accepts access from the client 30 to the second system 20B at the access date and time “2018/03/01 10:10:00” (step S305), time-out check is performed (step S306). In this case, 10 minutes have already passed since the last access date and time “2018/03/01 10:00:00”, and 5 minutes, which is the timeout time of the authentication device 90, has passed. Therefore, the authentication device 90 generates a timeout and transmits an error screen to the client 30 (step S307).

As described above, when the timeout period of the authentication device 90 is shorter than that of the second system 20B, the client 30 cannot log in to the second system 20B after the timeout period of the authentication device 90 has passed. That is, the timeout period of the second system 20B is substantially shortened to the timeout period of the authentication device 90 .

(Problem 2) When the timeout time of the authentication device 90 is set to 15 minutes (Part 1)
FIG. 27 is a sequence chart showing an example of processing executed in the communication system 9. As shown in FIG. Since the processing in steps S301 to S304 is the same as the processing in the case of (problem 1), the description is omitted.

When the authentication device 90 accepts access from the client 30 to the first system 20A at the access date and time "2018/03/01 10:10:00" (step S401), time-out check is performed (step S402). Here, only 10 minutes have passed since the last access date and time “2018/03/01 10:00:00”, and 15 minutes, which is the timeout time of the authentication device 90, has not passed. In this case, the authentication device 90 updates the last access date and time to "2018/03/01 10:10:00" (step S403). The authentication device 90 requests login to the first system 20A (step S404). The first system 20A performs login processing based on this request, and permits the login of the client 30 (step S405). The first system 20A updates the last access date and time to "2018/03/01 10:10:00" (step 406). The first system 20A transmits the top screen to the authentication device 90 (step S407). The authentication device 90 transmits the top screen to the client 30 (step S408).

As described above, the first system 20A permits the login of the client 30 without re-authentication even though the time elapsed from the last access date and time to the authentication device 90 has passed the timeout period of the own system. end up The reason is that the first system 20A does not recognize the date and time of the last access to the authentication device 90, which is "2018/03/01 10:00:00", and ” is recognized as the first access.

(Problem 3) When the timeout time of the authentication device 90 is set to 15 minutes (Part 2)
28 and 29 are sequence charts showing an example of processing executed in the communication system 9. FIG. Since the processing in steps S301 to S304 is the same as the processing in the case of (problem 1), the description is omitted.

When the authentication device 90 accepts access from the client 30 to the first system 20A at the access date and time "2018/03/01 10:01:00" (step S501), time-out check is performed (step S502). Here, only 1 minute has passed since the last access date and time “2018/03/01 10:00:00”, and 15 minutes, which is the timeout time of the authentication device 90, has not passed. In this case, the authentication device 90 updates the last access date and time to "2018/03/01 10:01:00" (step S503). The authentication device 90 requests login to the first system 20A (step S504). The first system 20A performs login processing based on this request and permits login (step S505). The first system 20A updates the last access date and time to "2018/03/01 10:01:00" (step S506). The first system 20A transmits the top screen to the authentication device 90 (step S507). The first system 20A transmits the top screen to the client 30 (step S508).

Next, when the authentication device 90 accepts access from the client 30 to the first system 20A at the access date and time "2018/03/01 10:07:00" (step S509), time-out check is performed (step S510). , here, only 6 minutes have passed since the last access date and time “2018/03/01 10:01:00”, and 15 minutes, which is the timeout time of the authentication device 90, has not passed. Therefore, the authentication device 90 updates the last access date and time to "2018/03/01 10:07:00" (step S511). The authentication device 90 requests login to the first system 20A (step S512). The first system 20A performs timeout check based on this request (step S513). Here, 6 minutes have already passed since the last access date and time to the first system 20A "2018/03/01 10:01:00", and after 5 minutes which is the timeout time of the first system 20A has passed is. In this case, the first system 20A generates a timeout and transmits an error screen to the authentication device 90 (step S514). The authentication device 90 transmits an error screen to the client 30 (step S515).

Next, when the authentication device 90 accepts access from the client 30 to the first system 20A at the access date and time "2018/03/01 10:20:00" (step S516), time-out check is performed (step S517). . Here, only 13 minutes have passed since the last access date and time "2018/03/01 10:07:00", and 15 minutes, which is the timeout time of the authentication device 90, has not passed. Therefore, the authentication device 90 updates the last access date and time to "2018/03/01 10:20:00" (step S518). The authentication device 90 requests login to the first system 20A (step S519). The first system 20A performs login processing based on this request and permits login (step S520). The first system 20A causes a timeout in the processing of steps S513 and S514, recognizes the access of "03/01/2018 10:20:00" as the first access, and permits login. The first system 20A updates the last access date and time to "2018/03/01 10:20:00" (step S521). The first system 20A transmits the top screen to the authentication device 90 (step S522). The authentication device 90 transmits the top screen to the client 30 (step S523).

As described above, the first system 20A permits the login of the client 30 without re-authentication even though the time-out period of the own system has passed since the last access date and time to the authentication device 90 .

Embodiments of the present invention for solving (problem 1), (problem 2), and (problem 3) will be described below.

[First embodiment]
<Configuration>
FIG. 1 is a block diagram showing the overall configuration of a communication system 1 according to the first embodiment of the invention. The communication system 1 includes an access control device 10, a first system 20A, a second system 20B, and a plurality of clients 30. The access control device 10 communicates with each of the first system 20A and the second system 20B via communication lines. The access control device 10 communicates with each of the plurality of clients 30 via communication lines. The communication line is, for example, a public communication line (for example, the Internet), a LAN (Local Area Network), or a dedicated line. The access control device 10 is realized, for example, by one server device or cooperation of a plurality of servers.

After authenticating the client 30, the access control device 10 relays the access received from the client 30 to the first system 20A or the second system 20B. The access control device 10 generates a timeout and logs out the client 30 when a predetermined condition is satisfied. Timeout means invalidating the authentication of the client 30 in this embodiment. That is, when the access control device 10 accepts access from the client 30 after timeout occurs, the access control device 10 requests the client 30 to re-authenticate. Conditions for generating timeout will be described later.

The first system 20A and the second system 20B, for example, are implemented by different server devices, but may be implemented by the same server device. In this embodiment, there are two systems under the control of the authentication device 90, the first system 20A and the second system 20B, but there may be three or more systems. The first system 20A provides services related to financial institutions, for example. The second system 20B provides a different service than the first system 20A. However, the services provided by the first system 20A and the second system 20B do not matter. The client 30 is, for example, a personal computer, smart phone, tablet computer, or other computer device.

FIG. 2 is a block diagram showing the configuration of the access control device 10. As shown in FIG. The access control device 10 physically includes a processor 11 , a memory 12 , a first communication section 13 and a second communication section 14 . The processor 11 controls each part of the access control device 10 . The processor 11 functions as an access controller. The processor 11 includes control circuits exemplified by, for example, a CPU (Central Processing Unit), an ASIC (Application Specific Integrated Circuit), and an FPGA (Field-Programmable Gate Array). The processor 11 also has a timer T for measuring time. The timer T measures the current date and time (absolute time) in this embodiment. Timer T is, for example, a real-time clock.

Memory 12 stores data. The memory 12 stores a table 121, authentication information 122, and a program 123, for example. The table 121 stores data for controlling access by the client 30 . The authentication information 122 includes information used for authentication processing. The authentication information 122 includes, for example, multiple sets of user IDs and passwords. The program 123 is a program for causing the processor 11 to execute a predetermined function.

The memory 12 includes, for example, a RAM (Random Access Memory) used as a work area by the processor 11 and a ROM (Read Only Memory) storing the program 123 . The memory 12 may also include any type of recording medium, exemplified by optical recording media, magnetic recording media, and semiconductor recording media.

The first communication unit 13 communicates with each of the multiple clients 30 . The second communication unit 14 communicates with each of the first system 20A and the second system 20B. The first communication unit 13 and the second communication unit 14 may communicate by wire or wirelessly. The 1st communication part 13 and the 2nd communication part 14 contain a communication circuit, for example.

FIG. 3 is a diagram showing an example of the configuration of the table 121. As shown in FIG. Table 121 stores "user ID", "timeout period", "last access date and time", "shortening flag", and "occurrence flag" for each of access control device 10, first system 20A, and second system 20B. Store in association. Note that FIG. 3 only shows information about one client 30 .

“User ID” is an identifier that identifies the user of the client 30 . User ID "USER-1" for identifying users of the access control device 10, user IDs "USER-A1" and "USER-A2" for identifying users of the first system 20A, and users of the second system 20B. The user ID “USER-B1” is assigned to the user of the same client 30 in this embodiment. That is, the client 30 can log in to the access control device 10 using the user ID "USER-1" from the authentication screen. Also, the client 30 can log in to the first system 20A using the user ID "USER-A1" or "USER-A2" from the top screen of the first system 20A. Also, the client 30 can log in to the second system 20B using the user ID "USER-B1" from the top screen of the second system 20B.

The "timeout time" is the time from a predetermined time until timeout occurs. In this embodiment, the first timeout period (first time period), which is the standard timeout period, is 15 minutes, and the second timeout period (second time period), which is shorter than the first timeout period, is 5 minutes. The access control device 10 applies the first timeout period of "15 minutes". The first system 20A uses the first timeout period of "15 minutes" when the user ID "USER-A1" (first identifier) is used, and uses the user ID "USER-A2" (second identifier). A second time-out period of "5 minutes" is applied. The first system 20A, for example, shortens the timeout period for users to whom higher security should be imposed. The second system 20B applies the second timeout period of "5 minutes" when the user ID "USER-B1" is used. As described above, the first system 20A varies the timeout period according to the relay destination system of the access received from the client 30 and the user. "Last access date and time" indicates the last access time when each of the access control device 10, the first system 20A, and the second system 20B was finally accessed.

The 'shortening flag' is a flag that is 'on' when the second timeout period is applied to any client 30, and is 'off' when it is not applied.

The "occurrence flag" is a flag that is "on" when a timeout occurs and "off" when it does not occur. In this embodiment, the shortening flag and the generation flag associated with the access control device 10 are either on or off. On the other hand, the shortening flag and generation flag associated with each of the first system 20A and the second system 20B are blank (indicated by "-" in FIG. 3) in this embodiment.

<Action>
Next, the operation of the communication system 1 will be explained.

(Management of table 121)
FIG. 4 is a flow chart showing processing related to management of the table 121 performed by the access control device 10 . The following processing is performed for each client 30 . Note that both the shortening flag and the generation flag are off before the start of the following processing.

The processor 11 in the access control device 10 first determines whether or not to apply the second timeout period to any client 30 (step S1). Here, the processor 11 determines "YES" in step S1, and turns on the shortening flag of the table 121 (step S2). As a result, the table 121 is in the state shown in FIG. It should be noted that if the determination in step S1 is "NO", the processor 11 ends the processing of FIG. 4 while keeping the shortening flag off.

When the shortening flag is turned on in step S2, the processor 11 determines based on the timer T whether the non-operation time of the client 30 has passed 5 minutes, which is the second timeout time (step S3). The non-operation time is the length of time during which the client 30 does not operate the access control device 10 . Here, "manipulate" means to issue some kind of command to the access control device 10 . The client 30 goes through the access control device 10 when operating the first system 20A or the second system 20B. Therefore, operations on the access control device 10 include operations performed with the access control device 10 as the access destination, operations performed with the first system 10A as the access destination, and operations performed with the second system 10B as the access destination. Whether or not the access control device 10 is operated is used to determine whether the client 30 is being used by the user. For example, the processor 11 stores the date and time when the last operation was performed on the client 30 in the memory 12, compares the date and time measured by the timer T, and calculates the difference as the non-operation time. . If the determination in step S3 is "NO", the processor 11 waits.

If it is determined in step S3 that the non-operation time has passed the second timeout time of 5 minutes (step S3; YES), the processor 11 turns on the occurrence flag of the table 121 (step S4). As a result, a timeout occurs for the client 30 of the user to whom the second timeout period is applied (in this embodiment, the user with the user ID "USER-A2" or "USER-B1").

(Process related to authentication of client 30)
FIG. 5 is a flowchart showing processing related to authentication of the client 30 performed by the access control device 10. As shown in FIG.

The processor 11 in the access control device 10 receives access from the client 30 (step S11). Next, the processor 11 performs authentication processing of the client 30 (step S12). The authentication process is a process of verifying the legitimacy of the client 30 by comparing the set of the user ID and password received from the client 30 with the set of the user ID and password in the authentication information 122 .

The processor 11 determines whether or not the authentication process has succeeded (step S13). If the result of step S13 is "YES", the processor 11 permits the login of the client 30 (step S14). Next, the processor 11 updates the last access date and time of the access control device 10 in the table 121 (step S15). For example, when an access is accepted at an access date and time of "2018/03/01 10:00:00" using the user ID "USER-1", the processor 11 updates the table 121 to the state shown in FIG. The processor 11 then terminates the processing of FIG. On the other hand, if the determination in step S13 is "NO", the processor 11 rejects the login (step S16) and terminates the processing of FIG.

(access control)
FIG. 7 is a flow chart showing access control performed after the access control device 10 authenticates the client 30 .

The processor 11 in the access control device 10 receives access from the client 30 (step S21). Next, the processor 11 determines whether to apply the second timeout period to the client 30 (step S22). The processor 11 makes this determination based on the user ID used for login by the client 30 , the system to be accessed, and the table 121 . For example, the processor 11 accepts an access (second access) addressed to the first system 20A using the user ID "USER-A2", or accepts an access addressed to the second system 20B using the user ID "USER-B1". When the access (second access) is accepted, it is determined as "YES" in step S22.

Next, processor 11 determines whether or not the generation flag is on based on table 121 (step S23). That is, the processor 11 determines whether or not the client 30 has been inactive for five minutes, which is the second timeout period. If the result of step S23 is "NO", the processor 11 permits the client 30 to log in to the system to be accessed (step S24). In this case, the processor 11 requests login to the system to be accessed. For example, when an access using the user ID "USER-A2" is accepted at the access date and time "2018/03/01 10:03:00", the processor 11 permits login to the first system 20A. The processor 11 then updates the last access date and time in the table 121 (step S25). When an access using the user ID "USER-A2" is accepted at the access date and time "2018/03/01 10:03:00", the processor 11 updates the table 121 to the state shown in FIG. That is, the processor 11 updates the last access date and time of the access control device 10 and the first system 20A. The processor 11 then terminates the processing of FIG.

On the other hand, if the determination in step S23 is "YES", the processor 11 causes a timeout (step S26). For example, when an access using the user ID "USER-A2" is accepted at the access date and time "2018/03/01 10:08:00", the processor 11 causes the first system 20A to time out and Deny login to system 20A. In this case, the processor 11 does not request login to the system to be accessed.

Next, processor 11 updates the last access date and time in table 121 (step S27). For example, when an access using the user ID "USER-A2" is accepted at the access date and time "2018/03/01 10:08:00", the processor 11 updates the table 121 to the state shown in FIG. Here, a timeout does not occur for the access control device 10 but a timeout occurs for the first system 20A. The processor 11 then terminates the processing of FIG.

On the other hand, if it is determined not to apply the second timeout period in step S22, that is, if it is determined to apply the first timeout period (step S22; NO), the processor 11 advances the process to step S28. For example, when an access (first access) addressed to the first system 20A is accepted using the user ID "USER-A1", the processor 11 determines "NO" in step S22.

In this case, the processor 11 determines, based on the table 121, whether or not 15 minutes, which is the first timeout period, has passed since the last access date and time to the access control device 10 (step S28). If the result of step S28 is "NO", the processor 11 permits the client 30 to log in to the system to be accessed (step S29). For example, when an access using the user ID "USER-A1" is accepted at the access date and time "2018/03/01 10:10:00", the processor 11 permits login to the first system 20A.

Processor 11 then updates the last access date and time in table 121 (step S30). For example, when an access using the user ID "USER-A2" is accepted at the access date and time "2018/03/01 10:10:00", the processor 11 updates the table 121 to the state shown in FIG. Here, the processor 11 updates the last access date and time in the access control device 10 and the first system 20A. The processor 11 then terminates the processing of FIG.

On the other hand, if the determination in step S28 is "YES", the processor 11 generates a timeout (step S31). For example, when an access is accepted at an access date and time of "2018/03/01 10:20:00" using the user ID "USER-A2", the processor 11 generates a timeout for the access control device 10 and the first system 20A. Let The processor 11 then terminates the processing of FIG.

As described above, the timeout period of the access control device 10 is set to the first timeout period (15 minutes), which is the same as the timeout period of the user ID "USER-A1" of the second system 20B. Therefore, the timeout period of the second system 20B is not substantially shortened by setting the timeout period of the access control device 10, so the above-mentioned (Problem 1) does not occur.

When applying the second timeout period, the access control device 10 generates a timeout after the non-operation period has passed the second timeout period. As a result, after the non-operation time has passed the second timeout time, the access control device 10 does not request login to the access destination system. Therefore, (problem 2) and (problem 3) described above do not occur. For the above reasons, according to the access control device 10, it is possible to suppress the occurrence of security problems caused by the setting of the timeout period.

Furthermore, the access control device 10 has the following effects. As shown in FIG. 11, the client 30 uses the user ID "USER-B1" to access the second system 20B, then uses the user ID "USER-A1" to access the first system 20A, and again Consider a case where the user ID "USER-B1" is used to access the second system 20B. If the time period during which the first system 20A is being accessed using the user ID "USER-A1" is longer than the second timeout period of 5 minutes, the time-out period is based on the date and time of the last access to the second system 20B. When the presence or absence of occurrence is controlled, timeout occurs for the second system 20B. However, the access control device 10 controls whether timeout occurs based on the non-operation time. The access control device 10 is being operated even during the access to the first system 20A. Therefore, by controlling the occurrence of timeouts based on the non-operation time, the frequency of occurrence of timeouts in the second system 20B is reduced. In addition, it is considered that there is little risk of spoofing during a period in which the no-operation time is shorter than the second timeout time. For the above reasons, the access control device 10 has a desirable configuration in terms of improving user convenience.

[Second embodiment]
In this embodiment, an embodiment will be described in which there are three types of timeout time, namely, "5 minutes", "10 minutes", and "15 minutes". The overall configuration of the communication system 1 and the physical configuration of each device are the same as those of the first embodiment described above. The present embodiment will be described below, focusing on differences from the first embodiment. In addition, the same code|symbol is attached|subjected and represented about the same element as 1st Embodiment mentioned above.

FIG. 12 is a diagram showing the configuration of the table 121 of this embodiment. Note that FIG. 12 only shows information about one client 30 . As shown in FIG. 12, the table 121 stores shortening flags and occurrence flags for each of the access control device 10, first system 20A, and second system 20B. On the other hand, the shortening flag and occurrence flag for the access control device 10 are blank (indicated by "-" in FIG. 12). Also, a third timeout period (third time) that is longer than the second timeout period and shorter than the first timeout period is applied to the user with the user ID "USER-B1" of the second system 20B. . The third timeout period here is 10 minutes.

(Management of table 121)
FIG. 13 is a flow chart showing processing related to management of the table 121 performed by the access control device 10 . The following processing is performed for each user ID. Note that both the "shortening flag" and the "occurrence flag" are "off" before the start of the following processing.

The processor 11 in the access control device 10 first determines whether or not to apply a timeout period shorter than the first timeout period (15 minutes) to any client 30 (step S41). Here, the processor 11 determines "YES" in step S41, and turns on the target shortening flag (step S42). In this embodiment, the processor 11 turns on the shortening flag associated with the second timeout period (that is, 5 minutes) and the third timeout period (that is, 10 minutes) in the table 121 . As a result, the table 121 is in the state shown in FIG.

Next, the processor 11 determines whether or not the client 30's non-operation time has passed one of the shortened timeout times based on the timer T (step S43). The processor 11 determines whether or not the second timeout period of 5 minutes has passed for the user ID "USER-A2". The processor 11 determines whether or not the third timeout period of 10 minutes has passed for the user ID "USER-B1".

When it is determined in step S43 that the no-operation time has passed one of the shortened timeout periods (step S43; YES), the processor 11 turns on the occurrence flag of the target in the table 121 (step S44). The processor 11 turns on the occurrence flag associated with the user ID "USER-A2" when the second timeout period of 5 minutes has passed. Also, the processor 11 turns on the occurrence flag associated with the user ID “USER-B1” when the third timeout period of 10 minutes has elapsed.

(Process related to authentication of client 30)
The processing related to the authentication of the client 30 performed by the access control device 10 is the same as in the above-described embodiment, so the description thereof will be omitted.

(access control)
FIG. 14 is a flow chart showing access control performed after the access control device 10 authenticates the client 30 . The following processing is performed for each user ID. The processor 11 in the access control device 10 receives access from the client 30 (step S51). Next, the processor 11 determines whether to apply the shortened timeout period based on the shortened flag (step S52). The processor 11 makes this determination based on the user ID used for login by the client 30 , the system to be accessed, and the table 121 . For example, the processor 11 accepts an access (first access) addressed to the first system 20A using the user ID "USER-A2", or accepts an access addressed to the second system 20B using the user ID "USER-B1". When the access (first access) is accepted, it is determined as "YES" in step S52.

If the determination in step S52 is "YES", the processor 11 determines whether or not the target occurrence flag is on based on the table 121 (step S53). If the result of step S53 is "NO", the processor 11 permits the client 30 to log in to the system to be accessed (step S54). The processor 11 then updates the last access date and time in the table 121 (step S55). For example, when an access using the user ID "USER-A2" is accepted at the access date and time "2018/03/01 10:03:00", the processor 11 permits login and changes the table 121 to that shown in FIG. Update to the indicated state. When an access using the user ID "USER-B1" is accepted at the access date and time "2018/03/01 10:03:00", the processor 11 permits login and changes the table 121 to the state shown in FIG. update to The processor 11 then terminates the processing of FIG.

On the other hand, if the determination in step S53 is "YES", the processor 11 generates a timeout (step S56). Next, processor 11 updates the last access date and time in table 121 (step S57). The processing of steps S56 and S57 may be the same as the processing of steps S26 and S27. The processor 11 then terminates the processing of FIG.

On the other hand, when the processor 11 determines in step S52 not to apply the shortened timeout period (step S52; NO), the process proceeds to step S28. For example, when the processor 11 receives an access addressed to the first system 20A using the user ID "USER-A1", it determines "NO" in step S52, and proceeds to the process of step S28. After proceeding to the process of step S28, the processes of steps S28 to S31 are executed as in the first embodiment described above.

As described above, even when there are three types of timeout periods, the access control device 10 can control the occurrence of timeouts based on the timeout period set for each system. In this embodiment, there are three types of timeout periods, but the access control device 10 can also control the occurrence of timeout periods when there are four or more types of timeout periods.

[Third embodiment]
FIG. 17 is a block diagram showing the overall configuration of a communication system 2 according to the third embodiment of the invention. The communication system 2 includes an access control device 40 , an authentication device 50 , a first system 20A, a second system 20B, and multiple clients 30 . The access control device 40 communicates with the authentication device 50 via a communication line. The access control device 40 communicates with each of the plurality of clients 30 via communication lines.

The access control device 40 controls access of the client 3- authenticated by the authentication device 50 to the first system 20A and the second system 20B. The authentication device 50 performs authentication processing for confirming the legitimacy of the client 30 . The access control device 40 is implemented, for example, by one server device or cooperation of a plurality of servers.

FIG. 18 is a block diagram showing the physical configuration of the access control device 40. As shown in FIG. The access control device 40 includes a processor 41 , a memory 42 , a first communication section 43 and a second communication section 44 . The configuration of each part of the access control device 40 may be the same as that of the same-named elements of the access control device 10 . The processor 41 functions as an access controller. Memory 42 stores table 421 and program 422 . A table 421 stores data for controlling access of the client 30 . The program 422 is a program for causing the processor 41 to execute a predetermined function.

FIG. 19 is a diagram showing the structure of the table 421. As shown in FIG. As shown in FIG. 19, the table 421 associates and stores user IDs, timeout periods, and last access dates and times for each of the access control device 40, first system 20A, and second system 20B. “User ID” is an identifier that identifies the user of the client 30 . The "timeout time" is the time from a predetermined time until timeout occurs. The access control device 40 applies the first timeout period of "15 minutes". The first system 20A sets the first timeout period "15 minutes" corresponding to the user ID "USER-A1" and the second timeout period "5 minutes" corresponding to the user ID "USER-A2". applies. For the second system 20B, "15 minutes" is applied corresponding to the user ID "USER-B1". "Last access date and time" indicates the last access time when each of the access control device 40, the first system 20A, and the second system 20B was finally accessed.

FIG. 20 is a flow chart showing processing performed by the access control device 40 .

The processor 41 in the access control device 40 acquires the first timeout period (15 minutes), which is the timeout period for the authentication device 50, from the table 421 (step S61). Next, the processor 41 acquires the last access date and time of the authentication device 50 from the table 421 (step S62). Note that the processor 41 may acquire one or both of the timeout period and the last access date/time from the authentication device 50 .

Next, the processor 41 calculates the elapsed time from the last access date and time (step S63). Next, the processor 41 determines whether the elapsed time is less than the first timeout period (step S64). When the processor 41 determines that the elapsed time is less than the timeout period (step S64; YES), the process proceeds to step S65. On the other hand, when the processor 41 determines that the elapsed time has passed the first timeout period (step S64; NO), the processor 41 generates a timeout (step S74).

In step S<b>65 , the processor 41 acquires the timeout period of the system accessed by the client 30 from the table 421 . Next, the processor 41 acquires the last access date and time of the access destination system from the table 421 (step S66). Next, the processor 41 determines whether or not the last access date and time has been obtained from the table 421 (step S67). If determined as "YES" in step S67, the processor 41 calculates the elapsed time from the last access date and time (step S68). Next, the processor 41 determines whether the elapsed time is less than the timeout time of the access destination system (step S69). For example, when the processor 41 accepts an access addressed to the first system 20A using the user ID "USER-A2", it determines whether the second timeout period is less than 5 minutes. When the processor 41 accepts access addressed to the first system 20A using the user ID "USER-A1" or accepts access addressed to the second system 20B using "USER-B1", the first Determine whether the time is less than 15 minutes, which is the timeout time.

When the processor 41 determines that the elapsed time is less than the timeout period (step S69; YES), the process proceeds to step S70. On the other hand, when the processor 41 determines that the elapsed time has passed the timeout period, the processor 41 generates a timeout (step S75) and advances the process to step S73.

If determined as "NO" in step S67, the processor 41 requests the last access date and time from the system to be accessed (step S70). The processor 41 determines whether or not the last access date and time has been acquired from the access destination system (step S71). If the determination in step S71 is "YES", the processor 41 updates the table 421 with the acquired last access date and time (step S72).

If "NO" is determined in step S71, if the process of step S72 is executed, or if the process of step S75 is executed, the processor 41 updates the last access date and time of the authentication device 50 in the table 421 (step S73). ).

21 and 22 are sequence charts showing an example of processing (processing example 1) executed in the communication system 2. FIG.

When the authentication device 50 receives an access from the client 30 at the access date and time “2018/03/01 10:00:00” (step S101), it performs an authentication process (step S102). After authenticating the client 30, the authentication device 50 notifies the access control device 40 that the login has been completed (step S103).

The processor 41 in the access control device 40, upon receiving this completion notification, updates the last access date and time of the authentication device 50 in the table 421 (step S104). Here, the last access date and time of the authentication device 50 is "2018/03/01 10:00:00". The processor 41 then transmits the top screen to the client 30 (step S105).

Thereafter, when the processor 41 receives an access addressed to the first system 20A using the user ID "USER-A1" from the client 30 at the access date and time "2018/03/01 10:10:00" (step S106). , a timeout check is performed (step S107). Here, the elapsed time from the last access date and time is 10 minutes, which is shorter than the first timeout period (15 minutes) applied to the authentication device 50 . In this case, the processor 41 updates the last access date and time of the authentication device 50 in the table 421 to "2018/03/01 10:10:00" (step S108). On the other hand, the elapsed time from the last access date and time is 10 minutes, which is longer than the second timeout period (5 minutes) applied to the first system 20A. Therefore, the processor 41 generates a timeout for the first system 20A and transmits an error screen to the client 30 (step S109).

Next, when the processor 41 receives an access addressed to the second system 20B using the user ID "USER-B1" from the client 30 at the access date and time "2018/03/01 10:20:00" (step S110). , a timeout check is performed (step S111). Here, the elapsed time from the last access date and time is 10 minutes, which is shorter than the first timeout period (15 minutes). Therefore, the processor 41 requests login to the second system 20B (step S112).

The second system 20B performs login processing based on this request and permits login (step S113). The second system 20B transmits the top screen to the access control device 40 (step S114). In the access control device 40, the processor 41 updates the last access date and time of the authentication device 50 and the second system 20B in the table 421 to "2018/03/01 10:20:00" (step S115), and changes the top screen to the client 30. (step S116).

As described above, the timeout period of the access control device 40 and the second system 20B are the same, and the timeout period of the second system 20B is not substantially shortened by the timeout period of the access control device 40. . Therefore, the above (Problem 1) does not occur. Also, after the timeout time "5 minutes" has passed since the last access date and time of the access control device 40, the access control device 40 does not request login to the first system 20A. Therefore, the above (Problem 2) does not occur.

FIGS. 23 and 24 are sequence charts showing an example of processing executed in the communication system 2 (processing example 2).

The processing of steps S101 to S105 is the same as the processing in the first processing example. After that, when the processor 41 in the access control device 40 receives an access addressed to the first system 20A using the user ID "USER-A1" from the client 30 at the access date and time "2018/03/01 10:04:00" (Step S201), a time-out check is performed (Step S202). Here, the elapsed time from the last access date and time is 4 minutes, which is shorter than the second timeout period (5 minutes) applied to the first system 20A. Therefore, the processor 41 requests login to the first system 20A (step S203). The first system 20A performs login processing based on this request and permits login (step S204). The second system 20B then transmits the top screen to the access control device 40 (step S205).

The processor 41 updates the last access date and time of the authentication device 50 and the first system 20A in the table 421 to "2018/03/01 10:04:00" (step S206). The processor 41 then transmits the top screen to the client 30 (step S207).

Next, the processor 41 in the access control device 40 causes the client 30 to access the first system 20A using the user ID "USER-A2" at the access date and time "2018/03/01 10:10:00". Upon acceptance (step S208), timeout check is performed (step S209). Here, the elapsed time from the last access date and time is 6 minutes, which is shorter than the first timeout period (15 minutes). Therefore, the processor 41 updates the last access date and time of the authentication device 50 in the table 421 to "2018/03/01 10:10:00" (step S210). On the other hand, the elapsed time from the last access date and time is longer than the second timeout period (5 minutes) applied to the first system 20A. Therefore, the processor 41 generates a timeout and transmits an error screen to the client 30 (step S211).

Next, when the processor 41 receives an access addressed to the first system 20A using the user ID "USER-A2" from the client 30 at the access date and time "2018/03/01 10:20:00" (step S212 ), and a timeout check is performed (step S213). Here, the elapsed time from the last access date and time is 10 minutes, which is shorter than the first timeout period (15 minutes). Therefore, the processor 41 updates the last access date and time of the authentication device 50 in the table 421 to "2018/03/01 10:20:00" (step S214). On the other hand, the elapsed time from the last access date and time is 10 minutes, which is longer than the second timeout period (5 minutes) applied to the first system 20A. Therefore, the processor 41 generates a timeout and transmits an error screen to the client 30 (step S215).

As described above, the access control device 40 does not request login to the first system 20A after the first timeout period of 5 minutes has passed since the last access date and time of the access control device 40 . Therefore, the first system 20A does not permit login by mistakenly as the first access. Therefore, the problem of (problem 3) does not occur. For the above reasons, according to the access control device 40, it is possible to suppress the occurrence of security problems caused by the setting of the timeout period. It should be noted that in this embodiment as well, there may be three or more types of time-out times, as in the above-described second embodiment.

[Modification]
The present invention is not limited to the above embodiments, and can be modified as appropriate without departing from the scope of the invention.

A part of the configuration described in the above embodiments may be omitted or changed. For example, the access control device of the above-described embodiment determines whether or not the timeout period has elapsed based on the difference between the date and time measured by the timer and the last access date and time stored in the table. Alternatively, the access control device 10 may measure the non-operation time using a timer. In this case, the access control device 10 resets the timer when the client 30 is operated. As a result, the value of the timer indicates the non-operation time. Also, the access control devices 10 and 40 may measure the elapsed time from the last access date and time using a timer. In this case, when a predetermined access destination is accessed, the access control devices 10 and 40 reset the timer corresponding to that access destination. As a result, the value of the timer indicates the elapsed time since the last access date and time.

The order of the processes executed by the access control devices 10 and 40 described in the above embodiments may be changed as long as there is no contradiction. Also, part or all of the data (for example, tables 121 and 421) stored in memory 12 may be stored in an external storage device.

The functions realized by the processor 11 of the access control device 10 and the processor 41 of the access control device 40 can be realized by combining multiple programs or by linking multiple hardware resources. When the function of the processor 11 or 41 is realized using a program, the program 123 or the program 422 for realizing this function is stored in a computer such as various magnetic recording media, optical recording media, magneto-optical recording media, semiconductor memories, etc. It may be provided in a state stored on a readable recording medium. Also, this program may be distributed via a network. The present invention can also be understood as an access control method.

1, 2: communication system, 10, 40: access control device, 11, 41: processor, 12, 42: memory, 13, 43: first communication unit, 14, 44: second communication unit, 20A: first system , 20B: second system, 30: client, 50: authentication device, 121: table, 122: authentication information, 123: program, 421: table, 422: program

Claims (4)

when a first access to a first system that times out in a first time is received from a client , when the first time has passed since the last access of the first access, a timeout is generated for the own device ;
After accepting from the client a second access to the second system that times out in a second time shorter than the first time, the second access is performed in descending order of the last first access or the last second access, whichever is later . generating a timeout for the own device when the time has elapsed ;
Access control device. When a third access to a third system that times out at a third time longer than the second time and shorter than the first time is accepted from the client , the final first access, the final second access Generating a timeout for the own device after the third time has elapsed from the latest time of the access and the last third access ,
The access control device according to claim 1. 3. An access control device according to claim 1 or 2, wherein said first access comprises a first identifier of said client and said second access comprises a second identifier of said client. When the computer receives a first access to the first system that times out in a first time from a client , a time-out is generated for the own device if the first time has passed since the last access of the first access. let
After accepting the second access to the first system that times out in a second time shorter than the first time, the second access is performed from the later of the last first access or the last second access to the second time. A program for executing a process of generating a time-out for the own device when it is after the elapse.

Images