WO2014091576A1 - Relay device, relay method, and program - Google Patents
- Publication number
- WO2014091576A1 (PCT/JP2012/082159)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- connection
- password
- server
- relay
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L25/00—Baseband systems
- H04L25/02—Details ; arrangements for supplying electrical power along data transmission lines
- H04L25/20—Repeater circuits; Relay circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
Definitions
- the present invention relates to a relay device, a relay method, and a program.
- privileged ID: An ID whose authority exceeds general user authority is called a "privileged ID"; known examples are root on UNIX systems, Administrator on Windows systems, and SYS or SYSTEM on database systems.
- privileged IDs: Many privileged IDs exist besides those above, and some of them are shared among several operators or used by programs.
- Privileged IDs must also be used in situations such as normal operation or failure handling. For this reason, identifying the person using a privileged ID and managing that access appropriately is far more difficult than managing access with general-authority IDs.
- Patent Document 1: Before connecting to a server of the business information system, an operator connects to a relay device using a privileged ID, and this relay device connects the user to the server.
- A technique has been proposed that manages privileged IDs by associating the user ID registered through authentication with the privileged ID used on the connection destination server, thereby identifying the privileged ID user.
- Even with the configuration shown in Patent Document 1, there is room for further improvement in strictly managing access with privileged IDs.
- A conventional example of access to a server of the business information system, and an example in which a problem arises, are described below with reference to the drawings.
- FIG. 5 is a diagram for explaining a conventional access example to a server constituting the business information system.
- A person who wants to access the connection destination server 150 from the work terminal 100 enters a user ID and password for the gateway server 120, which performs privileged ID management, and a user ID and password for the connection destination server 150.
- The gateway server 120 performs user authentication against the user ID and password it manages. When the gateway server 120 confirms that this combination is correct and that the user ID has login authority for the connection destination server 150, it transmits the user ID and password for the connection destination server 150 to that server.
- On the connection destination server 150 side, user authentication is performed based on the user ID and password transmitted from the gateway server 120, and the login process is executed automatically if the combination is a valid user ID and password. As a result, the gateway server 120 can identify the user of the privileged ID. Next, an example is described in which access management to the connection destination server 150 of the business information system cannot be performed on the gateway server 120 side.
- FIG. 6 is a diagram for explaining an example in which access management cannot be performed in the configuration example shown in FIG. 5.
- The information entered at the gateway server 120 by a person who wants to access the connection destination server 150 of the business information system 100 differs from that in FIG. 5.
- The user ID and password for the gateway server 120, and the user ID for the connection destination server 150, are the same as in FIG. 5, but a wrong password is specified for that user ID, whether intentionally or not.
- The login process therefore fails on the connection destination server 150 side, but depending on the access method, the login screen of the connection destination server 150 may be displayed on the requester's terminal after the failed login. It is then possible, in principle, to log in by entering a user ID and password different from the user ID entered at the gateway server 120. When login occurs in this way, the gateway server 120 cannot perform privileged ID access management.
- the present invention has been made in view of the above-described problems, and an object thereof is to provide a relay device, a relay method, and a program that can perform appropriate access management.
- The relay device according to the present invention relays a connection to a desired server based on a connection request from a client terminal, and comprises: a reception unit that receives from the client terminal a user ID and password for logging in to the desired server; a connection relay unit that relays the connection to the desired server without performing user authentication based on the received user ID and password when establishing a session with the desired server; and a confirmation unit that connects to the desired server by a process different from the relay process and confirms the validity of the combination of the user ID and password received by the reception unit.
- The connection relay unit is characterized in that it establishes the session with the desired server only when the confirmation unit has confirmed that the received user ID and password combination is correct.
- The confirmation unit may confirm the validity of the user ID and password combination received by the reception unit using a predetermined protocol different from the protocol the connection relay unit uses to communicate with the desired server, or a protocol corresponding to a predetermined interface implemented by the desired server.
- The predetermined interface implemented by the desired server is a service that accepts a predetermined request together with a user ID and password to which the desired server has granted the appropriate authority.
- The confirmation unit transmits a predetermined request including the user ID and password received by the reception unit to this service, and when the predetermined information can be obtained from the service's response, it determines that the combination of user ID and password is correct.
- The relay method according to the present invention relays a connection to the server that is the connection request destination based on a connection request from a client terminal, and comprises: a reception step of receiving from the client terminal a user ID and password for logging in to the desired server; a connection relay step of relaying the connection to the desired server without performing user authentication based on the received user ID and password when establishing a session with the desired server; a connection step of connecting to the desired server by a process different from the connection relay step; and a confirmation step of confirming the validity of the combination of the user ID and password received in the reception step.
- The method is characterized in that the session with the desired server is established only when the confirmation step has confirmed that the user ID and password combination received in the reception step is correct.
- The program according to the present invention causes a computer to function as a relay device that relays a connection to a desired server based on a connection request from a client terminal, and causes the computer to function as: accepting means for accepting from the client terminal a user ID and password for logging in to the desired server; connection relay means for relaying the connection to the desired server without performing user authentication based on the accepted user ID and password when establishing a session with the desired server; connection means for connecting to the desired server by a process different from the relay process of the connection relay means; and confirmation means for confirming the validity of the combination of the user ID and password accepted by the accepting means.
- The connection relay means is characterized in that it establishes the session with the desired server only when the confirmation means has confirmed that the user ID and password combination is correct.
- According to the present invention, it is possible to provide a relay device, a relay method, and a program that can perform appropriate access management.
- FIG. 6 is a diagram for describing an example in which access management cannot be performed in the configuration example illustrated in FIG. 5. A further figure illustrates an example of access when a password management server is provided in the configuration example shown in FIG.
- FIG. 1 is a block diagram illustrating a configuration example of a business information system including a relay device according to an embodiment of the present invention.
- the relay device 10 and the work terminal 20 are connected via the network 30, and the client environment 40 is connected to the network 30 via the relay device 10.
- The network 30 is described on the premise of remote access over a public line such as the Internet or a local area network (LAN).
- The relay device 10, the client environment 40, and the work terminal 20 may alternatively be connected to one another by dedicated lines.
- A "client company" is a company that conducts its organizational work by operating various business information systems and receives maintenance work as a service from the external work terminal 20.
- The environment of that company is referred to as the "client environment 40".
- The client environment 40 represents the business environment of a certain company X.
- Various business information systems in the client environment 40 are appropriately subjected to maintenance work even after operation. Although this maintenance work may be performed in the client environment 40, most of the maintenance work is executed by remote access from the work terminal 20.
- the worker is usually an SE (System Engineer) of a management company that has signed a maintenance work contract with the company X.
- An operator operates the work terminal 20 to remotely log in to various business information systems in the client environment 40 via the network 30 and the relay device 10.
- the communication path between the work terminal 20 and the relay apparatus 10 is preferably a secure communication path such as VPN (Virtual Private Network).
- the relay device 10 is a device that centrally accepts remote login requests from the work terminal 20 to the client environment 40, and is installed at the network security boundary.
- The relay device 10 is configured to perform access control for predetermined protocols such as TELNET (Telecommunication network), SSH (Secure Shell), FTP (File Transfer Protocol), HTTP (HyperText Transfer Protocol), HTTPS (Hypertext Transfer Protocol Secure), RDP (Remote Desktop Protocol), and CIFS (Common Internet File System), and to support auditing through log acquisition.
- In this embodiment, the relay device 10 uses RDP, which is an example of a protocol that relays the connection to a server without the relay device itself performing user authentication with the user ID and password received from the work terminal 20 when establishing a session with a server of the business information systems installed in the client environment 40.
- The relay device 10 establishes a session from the work terminal 20 to the connection request destination server installed in the client environment 40 on the condition that all three of the following determinations are affirmative, and then enables remote login to the connection request destination server.
- first user authentication: Whether the combination of the user ID and password for the relay device 10 is appropriate (hereinafter referred to as "first user authentication").
- application determination: Whether the worker applied in advance for the maintenance work to be performed, and whether that application was processed correctly (hereinafter referred to as "application determination").
- second user authentication: Whether the combination of the user ID and password for the connection request destination server is appropriate (hereinafter referred to as "second user authentication").
- first user authentication and the second user authentication are successful, and a work
- The work terminal 20 accepts from the operator a user ID and password for remote login to the relay device 10, and a user ID and password for remote login to the servers of the various business systems built in the client environment 40, and transmits this information to the relay device 10 over the network 30 as a remote login request.
- the client environment 40 includes, for example, three types of business information systems such as a financial information system 41, a customer information system 42, and an inventory management system 43, and one or more approval terminals 44.
- the financial information system 41 is a system for managing the financial information of the company X.
- the customer information system 42 is a system that manages customer information of the company X.
- the inventory management system 43 is a system that manages the inventory status of the products of the company X.
- the approval terminal 44 is a general PC terminal equipped with a web browser, and is a terminal used for approving an application when an operator has previously applied for maintenance work. Note that the approval terminal 44 does not necessarily belong to the client environment 40 and may be a portable terminal such as a notebook PC.
- FIG. 2 is a block diagram illustrating a functional configuration example of the relay device 10 illustrated in FIG. 1.
- Each block shown in FIG. 2 can be realized in hardware by an arithmetic processing unit such as a CPU together with storage devices such as RAM, ROM, and an HDD, and in software by a computer program; the figure shows the functional blocks realized by their cooperation. These functional blocks can therefore be realized in various forms by combining hardware and software.
- the relay device 10 includes an access management unit 11, a first user authentication unit 12, an application management unit 13, a second user authentication unit 14, and a log management unit 15.
- Although the relay device 10 is described as a single device that integrates the functions of the access management unit 11, the first user authentication unit 12, the application management unit 13, the second user authentication unit 14, and the log management unit 15, each function may be built as a separate device.
- The access management unit 11 determines whether to permit access to the specific server. Specifically, it checks the IP address and host name of the work terminal 20 against a connection permission database (not shown) to confirm whether the terminal is a connection permission target, and if it is not, it disconnects immediately. If the terminal is a connection permission target, the access management unit 11 requests from the work terminal 20, and accepts, the user ID and password managed by the relay device 10; it also requests and accepts the user ID and password for the specific server.
- When the access management unit 11 determines from the responses of the first user authentication unit 12, the application management unit 13, and the second user authentication unit 14 that access to the specific server is permitted, it establishes a session between the work terminal 20 and that server. That is, only when all the determinations of the first user authentication unit 12, the application management unit 13, and the second user authentication unit 14 are affirmative can the worker access the business information system targeted by the maintenance work. After the session is established, the access management unit 11 acts as a proxy server that relays communication between the work terminal 20 and the specific server, and records the communication log.
- The first user authentication unit 12 performs the first user authentication based on the information entered as the user ID and password for the relay device 10 and supplied from the access management unit 11.
- The first user authentication unit 12 holds a first user authentication database (not shown) that manages the user IDs and passwords for the relay device 10, and authenticates whether the user is a valid user by referring to this database.
- The first user authentication unit 12 returns the execution result of the first user authentication to the access management unit 11.
- The application management unit 13 executes the application determination based on the information entered as the user ID for the relay device 10 and received from the access management unit 11. Note that the worker must have applied in advance, before remote login to a specific server, for the kind of work scheduled to be performed.
- The application management unit 13 holds an application management database (not shown) that centrally manages work schedule information for each server, and confirms by referring to this database whether some maintenance work has been applied for in advance under the user ID identifying the worker.
- The application management unit 13 returns the application determination result to the access management unit 11.
- The second user authentication unit 14 executes the second user authentication, which determines whether the user ID and password for the connection request destination server are correct, based on the information entered as that user ID and password and supplied from the access management unit 11. On receiving from the access management unit 11 the user ID, the password, and information identifying the connection request destination (IP address, host name, and so on), it determines whether the combination of user ID and password is correct at that destination and returns the result to the access management unit 11. Details of the second user authentication are described later.
- The log management unit 15 acquires and manages the contents of the access handled by the access management unit 11. For example, it acquires and manages a "summary log" containing the access date and time and the IP address, and a "full-text log" of the data transmitted and received between the work terminal 20 and the connection destination server. The log management unit 15 also manages the work application contents held by the application management unit 13 in association with the access log it holds, so that an access check can be performed easily. Here, an access check means auditing the access log to determine whether the access was performed as applied for.
- FIG. 3 is a diagram illustrating a display example of a login screen.
- the login screen 50 shown in FIG. 3 is displayed on the work terminal 20 when a remote login request is made from the work terminal 20 to the access management unit 11.
- the access management unit 11 displays the login window 51 in the login screen 50 of the work terminal 20. That is, the access management unit 11 provides the user interface screen of the work terminal 20.
- a user of the work terminal 20 inputs a user ID and a password on a login window 51 displayed in the login screen 50.
- the connection destination is designated from the login destination selection menu window 52 for designating the connection destination.
- “AGW” indicating the relay device 10 is designated.
- The user interface as seen by the user is the same as that provided by a conventional terminal server, but the entered user identification information is supplied to the first user authentication unit 12, the application management unit 13, and the second user authentication unit 14, which perform the first user authentication, the application determination, and the second user authentication respectively.
- FIG. 4 is a flowchart showing a remote login process to the server constituting the business information system.
- When the relay device 10 receives an access request from the work terminal 20, it starts the following processing (START).
- Step S1: The access management unit 11 of the relay device 10 checks the IP address, host name, and so on of the work terminal 20 that made the access and determines whether to permit the connection. Specifically, the access management unit 11 refers to the connection permission database (not shown) for the IP address and host name of the work terminal 20 and confirms whether the terminal is a connection permission target. This determination may be based on either the IP address or the host name, or on whether the combination of both is correct.
- Step S2: If the access management unit 11 determines in step S1 that the connection from the work terminal 20 is not permitted (NO in step S1), it immediately disconnects the connection. Alternatively, in step S2 a message indicating that the terminal cannot be connected may be displayed on the display of the work terminal 20 instead of disconnecting immediately.
- Step S3: On the other hand, if it is determined that the connection from the work terminal 20 is permitted in step S2 (YES in step S2), the access management unit 11 requests user identification information (user ID and password) from the work terminal 20 in a form suited to the communication protocol. Specifically, since the communication protocol in this embodiment is RDP, the login screen 50 (FIG. 3) is displayed on the display of the work terminal 20, which accepts the operator's input of the user ID and password for the relay device 10. The work terminal 20 then transmits the information entered via the login screen 50 as the user ID and password for the relay device 10 to the access management unit 11.
- Step S4: The access management unit 11 receives from the work terminal 20 the information entered as user identification information for the relay device 10.
- The access management unit 11 supplies the information received in step S4 to the first user authentication unit 12 and the application management unit 13, which execute the first user authentication and the application determination.
- Step S5: The first user authentication unit 12 refers to a database (not shown) holding the combinations of user ID and password authorized to connect to the relay device 10 itself, and determines from the information supplied by the access management unit 11 whether the user is authorized to connect (that is, it performs the first user authentication).
- The application management unit 13 refers to an application management database (not shown) that centrally manages work schedule information for each server, and determines whether some maintenance work has been applied for in advance under the supplied user ID (that is, it performs the application determination). These determination results are returned to the access management unit 11.
- Step S6: The access management unit 11 determines whether the first user authentication and the application determination in step S5 succeeded. Specifically, it judges whether the execution result of step S5 is affirmative, meaning that the worker is a user authorized to connect and that some maintenance work has been applied for in advance.
- Step S7: If the execution result of step S5 contains a negative result, that is, the worker is not a user authorized to connect or no maintenance work has been applied for in advance (NO in step S6), the access management unit 11 displays an authentication error message on the display of the work terminal 20.
- Step S8: On the other hand, if the execution result of step S5 is affirmative, that is, the operator is a user with authority to connect and some maintenance work has been applied for in advance, the access management unit 11 further requests the work terminal 20 to enter the server name of the connection request destination and the user identification information (user ID and password) for the connection request destination server.
- The login screen displayed on the work terminal 20 at this point may be the same as the login screen 50 shown in FIG. 3 or may be displayed differently.
- In response to the request in step S8, the work terminal 20 accepts from the worker the server name of the connection request destination and the user ID and password for that server, and sends the entered information to the access management unit 11.
- Step S9: The access management unit 11 receives the information entered at the work terminal 20 as the response to step S8.
- The access management unit 11 supplies the information received in step S9 to the second user authentication unit 14.
- Step S10: Based on the information supplied from the access management unit 11 (that is, the information identifying the connection request destination and the information entered as the user ID and password for the connection request destination server), the second user authentication unit 14 issues a predetermined command request to the connection request destination server and executes the second user authentication.
- The predetermined command request here is a request, issued to a service provided through the server's WMI interface, to report various types of information about the server.
- The various types of information here include, for example:
- service information about the services running on the server, such as their status
- process information such as process name and used memory capacity
- disk information such as disk capacity and free disk space
- CPU information such as CPU usage
- OS information such as product name and product type
- event log information such as event contents
- memory information such as physical memory capacity, and the like.
- Step S11: The access management unit 11 determines whether the second user authentication succeeded based on the execution result of step S10. That is, when the requested information is returned normally by the server, the access management unit 11 can confirm the validity of the user ID and password for the connection request destination server, and the second user authentication is judged successful. If the requested information is not returned (for example, an error message is received instead), the access management unit 11 cannot confirm the validity of the user ID and password for the connection request destination server, and the second user authentication is judged to have failed.
- Step S12: If the access management unit 11 determines in step S11 that the second user authentication failed (NO in step S11), it displays an authentication error message on the display of the work terminal 20 and does not allow a session with the server to be established.
- Step S13: On the other hand, if the access management unit 11 determines in step S11 that the second user authentication succeeded (YES in step S11), it establishes a session with the connection request destination server, and the subsequent remote login process continues.
- In this way, the access management unit 11 establishes a session with the connection request destination server only when all the determinations of the first user authentication unit 12, the application management unit 13, and the second user authentication unit 14 are affirmative. As a result, the worker can remotely access the business information system that is the subject of the maintenance work.
- As described above, the access management unit 11 of the relay device 10 receives from the work terminal 20 (client terminal), based on a connection request from the work terminal 20, a user ID and password for logging in to any one of the servers (the desired server) that make up the financial information system 41, the customer information system 42 or the inventory management system 43 of the business information system, and relays the connection to that server without performing, at the time of establishing the session with the server, user authentication based on the received user ID and password.
- Instead, the second user authentication unit 14 connects to the server by a process different from the process that relays this connection and confirms the validity of the combination of the above user ID and password, and the session with the server is established only when the second user authentication unit 14 has confirmed that the combination of user ID and password is correct.
- As a result, the login method described with reference to FIG. 6 is no longer possible, and appropriate access management of privileged IDs can be realized. Specifically, if the password for the connection-request destination server is wrong at the time of the second user authentication at the relay device 10, no session is established between the relay device 10 and the connection-request destination server. In other words, with the login method described with reference to FIG. 6, a login screen for logging in to the connection-request destination server is never displayed on the display of the work terminal 20.
- The access management unit 11 of the relay device 10 confirms the validity of the received combination of user ID and password using the WMI interface (a predetermined interface) implemented by the server. The validity of the user ID and password can therefore be confirmed in advance by a connection process different from the remote login process (the connection relay process) performed by the relay device 10, so there is no need to actually log in to the connection-request destination server. This separate connection process is not recorded in the login history information of the connection-request destination server. Furthermore, the relay device 10 need not hold the password information for the user IDs managed by the connection-request destination server.
- A configuration such as that shown in FIG. 7 is also conceivable. In FIG. 7, a password management server 130 that manages the passwords of the connection destination server 150 is built separately from the gateway server 120. When the gateway server 120 receives from the work terminal 20 the user ID and password (PW) for the gateway server 120 together with the user ID and password for the connection destination server 150, it connects to the password management server 130, inquires about the password corresponding to that user ID at the connection destination server 150, and confirms the validity of the password sent from the work terminal 20. When the validity of the password sent from the work terminal 20 is confirmed, the connection destination server 150 is logged in to automatically.
- This configuration has disadvantages: the password management server 130 must be built separately from the gateway server 120, password management becomes an operational burden, and the cost of building the password management server 130 is newly incurred. With the configuration of the relay device 10 described above, by contrast, no password management server 130 needs to be built, so these disadvantages do not arise.
- The WMI interface implemented by the connection-request destination server has a service that provides predetermined information when it accepts a predetermined request accompanied by a user ID and password to which legitimate authority has been granted. The access management unit 11 transmits a predetermined request including the received user ID and password to this service and, when the predetermined information can be acquired from the service's response, determines that the combination of user ID and password is correct.
- If the response of the service provided by the WMI interface implemented by the connection-request destination server is returned normally, the user necessarily has the access right that is a precondition for the service to execute. The validity of the received user ID and password can therefore be confirmed easily. Since the confirmation is performed using the protocol corresponding to the WMI interface already implemented by the connection-request destination server, no significant setting changes or the like are needed on the connection-request destination server side.
- The series of processes described above can be executed by hardware or by software. When it is executed by software, the program constituting the software is installed, for example from a program recording medium, in a computer incorporated in dedicated hardware, or in a general-purpose personal computer or the like that can execute various functions by installing various programs. Accordingly, the relay method executed by the relay device 10 and the program installed in the relay device 10 achieve the same effects as the relay device 10.
- The present invention is not limited to the embodiments described above as they are; at the implementation stage, various inventions can be formed without departing from the gist of the invention.
- For example, the method of confirming the validity of the user ID and password at the connection-request destination server exemplified in Step S10 of FIG. 4 is not limited to the example described above. When the connection-request destination server is built on a Windows system and a file sharing service is running over the Common Internet File System (CIFS) protocol, a command that reads the attributes of a specific file may be issued with the user ID and password for the connection-request destination server specified. If the attribute information of that file can be acquired in the response to the command issued in this way, it can be determined that the validity of the user ID and password at the connection-request destination has been confirmed.
- More generally, where there is another protocol (hereinafter "protocol B") that shares the same user IDs and authentication method as the protocol in which user authentication is performed after the session between the connection-request destination server and the relay device 10 is established (hereinafter "protocol A"), the connection over protocol A can be made after the existence of the user and the validity of the password have been confirmed using protocol B, so that the same guarantee is obtained.
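The decision sequence of Steps S10 to S13 (first user authentication, application determination, then the out-of-band second user authentication) together with the two confirmation methods described above (a WMI information request, or a CIFS file-attribute read, either being an instance of "protocol B"), as an added Python example. This is not code from the patent or from any product implementing it: the destination server, its accounts, the WMI-like and CIFS-like calls, the server name, the file path and the `RelayDevice` class are constructed stand-ins, and the PBKDF2 store for the relay's own accounts is an assumption (the patent does not say how the relay keeps its first-authentication credentials). A real relay would issue the same probe over the server's actual WMI or SMB interface.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set, Tuple

PBKDF2_ROUNDS = 200_000


class AccessDenied(Exception):
    """Raised by the constructed destination server when a credential pair is rejected."""


@dataclass
class FakeDestinationServer:
    """Constructed stand-in for a connection-request destination server. It offers a
    WMI-like query and a CIFS-like attribute read (the two confirmation methods in the
    description) plus the terminal login that the relayed session would perform."""
    name: str
    accounts: Dict[str, str]                   # plain text only because this is a test double
    login_history: List[str] = field(default_factory=list)

    def _check(self, user_id: str, password: str) -> None:
        if self.accounts.get(user_id) != password:
            raise AccessDenied(f"{self.name}: invalid credentials for {user_id!r}")

    def wmi_query(self, user_id: str, password: str, class_name: str) -> dict:
        self._check(user_id, password)
        catalogue = {"Win32_OperatingSystem": {"Caption": "Windows Server (constructed)"}}
        return catalogue.get(class_name, {})

    def read_file_attributes(self, user_id: str, password: str, path: str) -> dict:
        self._check(user_id, password)
        return {"path": path, "size": 92, "read_only": False}

    def terminal_login(self, user_id: str, password: str) -> str:
        self.login_history.append(user_id)     # a real server records this in its login history
        self._check(user_id, password)
        return f"session:{self.name}:{user_id}"


Probe = Callable[[FakeDestinationServer, str, str], bool]


def wmi_probe(server: FakeDestinationServer, user_id: str, password: str) -> bool:
    """Step S10/S11: request OS information; an exception or a response without the
    expected data counts as a failed second user authentication."""
    try:
        info = server.wmi_query(user_id, password, "Win32_OperatingSystem")
    except AccessDenied:
        return False
    return "Caption" in info


def cifs_probe(server: FakeDestinationServer, user_id: str, password: str) -> bool:
    """Modification from the description: read one file's attributes over the file
    sharing protocol; a returned attribute set confirms the credential pair."""
    try:
        attrs = server.read_file_attributes(user_id, password, r"C:\Windows\win.ini")
    except AccessDenied:
        return False
    return "size" in attrs


def make_relay_credential(password: str) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 record for the relay's own account store (assumed design)."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class RelayDevice:
    """Access management unit: a session is established only when the first user
    authentication, the application determination and the second user authentication
    are all affirmative. Destination-server passwords are never stored here."""

    def __init__(self, relay_accounts: Dict[str, Tuple[bytes, bytes]],
                 approved_work: Set[Tuple[str, str]], probe: Probe) -> None:
        self.relay_accounts = relay_accounts   # relay user ID -> (salt, PBKDF2 digest)
        self.approved_work = approved_work     # {(relay user ID, server name)} applied in advance
        self.probe = probe                     # second user authentication strategy
        self.log: List[tuple] = []             # log management

    def first_user_authentication(self, user_id: str, password: str) -> bool:
        if user_id not in self.relay_accounts:
            return False
        salt, digest = self.relay_accounts[user_id]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(candidate, digest)

    def application_check(self, user_id: str, server_name: str) -> bool:
        return (user_id, server_name) in self.approved_work

    def handle_connection_request(self, relay_user: str, relay_password: str,
                                  server: FakeDestinationServer,
                                  server_user: str, server_password: str):
        """Returns (session or None, reason). No terminal login is attempted unless all
        three checks pass, so a wrong destination password never reaches the
        destination's login screen or its login history."""
        if not self.first_user_authentication(relay_user, relay_password):
            return self._deny(relay_user, server.name, "first user authentication failed")
        if not self.application_check(relay_user, server.name):
            return self._deny(relay_user, server.name, "no approved maintenance application")
        if not self.probe(server, server_user, server_password):
            return self._deny(relay_user, server.name, "second user authentication failed")
        session = server.terminal_login(server_user, server_password)
        self.log.append(("allow", relay_user, server.name, server_user))
        return session, "session established"

    def _deny(self, relay_user: str, server_name: str, reason: str):
        self.log.append(("deny", relay_user, server_name, reason))
        return None, reason
```

The probe is injected as a callable so that the same relay logic works with either confirmation method; what matters for the guarantee in the text is that the probe shares the destination's accounts and authentication method, and that the probe's failure is checked before any session is opened.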
- In the application determination, it is determined whether maintenance work has been applied for in advance with the user ID supplied from the work terminal 20. The request may also include the destination server name, in which case whether the server name of the connection-request destination matches the server name for which maintenance work was applied for in advance may be added to the application determination.
- For the first user authentication and the second user authentication, the information used to execute each authentication is requested from the work terminal 20 separately. Alternatively, the user ID and password for the relay device 10 and the user ID and password for the connection-request destination may be requested together.
- Furthermore, various inventions can be formed by modifying the constituent elements of the embodiments and modifications described above, or by appropriately combining a plurality of the constituent elements disclosed in them. For example, some constituent elements may be deleted from all the constituent elements shown in the embodiment and the modifications, and constituent elements from different embodiments may be combined as appropriate.
- 10 ... Relay device
- 11 ... Access management unit (an example of a reception unit and a connection relay unit)
- 12 ... First user authentication unit
- 13 ... Application management unit
- 14 ... Second user authentication unit (an example of a confirmation unit)
- 15 ... Log management unit
- 20 ... Work terminal (an example of a client terminal)
- 30 ... Network
- 40 ... Client environment
- 41 ... Financial information system (an example of a desired server)
- 42 ... Customer information system (an example of a desired server)
- 43 ... Inventory management system (an example of a desired server)
- 44 ... Terminal for approval
- 50 ... Login screen
- 51 ... Login window
- 52 ... Login destination selection menu window
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
FIG. 1 is a block diagram showing a configuration example of a business information system including a relay device according to an embodiment of the present invention. In the business information system shown in the figure, a relay device 10 and a work terminal 20 are connected via a network 30, and a client environment 40 is connected to the network 30 via the relay device 10. In the following, the network 30 is described on the assumption of remote access over a public line such as the Internet or a local area network (LAN), but the relay device 10, the client environment 40 and the work terminal 20 may also be connected to one another by dedicated lines. In this specification, the terms "client company" and "client environment 40" are used to mean a company that carries out its organizational business by operating various business information systems and that receives the service of maintenance work from an external work terminal 20.
1. Whether the combination of user ID and password at the relay device 10 is appropriate (hereinafter "first user authentication").
2. Whether the worker has applied in advance to carry out the maintenance work and whether that application has been processed correctly (hereinafter "application determination").
3. Whether the combination of user ID and password at the connection-request destination server is appropriate (hereinafter "second user authentication").
That is, the conditions for establishing a session with the connection-request destination server are that the first user authentication and the second user authentication above both succeed and that the application determination finds that the work has been applied for.
FIG. 2 is a block diagram showing a functional configuration example of the relay device 10 shown in FIG. 1. Each block shown in FIG. 2 can be realized in hardware by a processing unit such as a CPU and storage devices such as RAM, ROM and an HDD, and in software by a computer program or the like; what is shown here are the functional blocks realized by their cooperation. These functional blocks can therefore be realized in various forms by combinations of hardware and software.
FIG. 3 shows a display example of the login screen. The login screen 50 shown in FIG. 3 is displayed on the work terminal 20 when the work terminal 20 makes a remote login request to the access management unit 11. On accepting the remote login request, the access management unit 11 displays a login window 51 within the login screen 50 of the work terminal 20; that is, the access management unit 11 provides the user interface screen of the work terminal 20. The user of the work terminal 20 enters a user ID and password in the login window 51 displayed in the login screen 50, and specifies the connection destination in a login destination selection menu window 52. In the screen shown in FIG. 3, "AGW", which denotes the relay device 10, is specified. From the user's point of view the user interface is the same as that provided by a conventional terminal server, but the entered user identification information is supplied to the first user authentication unit 12, the application management unit 13 and the second user authentication unit 14, which perform the user authentication, the application determination and the second user authentication respectively.
Next, the remote login process to a server constituting the business information system is described. FIG. 4 is a flowchart showing the remote login process to a server constituting the business information system. When the relay device 10 receives an access request from the work terminal 20, it starts the following process (START).
As described above, the access management unit 11 of the relay device 10 receives from the work terminal 20 (client terminal), based on a connection request from the work terminal 20, a user ID and password for logging in to any one of the servers (the desired server) that make up the financial information system 41, the customer information system 42 or the inventory management system 43 of the business information system, and relays the connection to that server without performing, at the time of establishing the session with the server, user authentication based on the received user ID and password; the second user authentication unit 14 connects to the server by a process different from the process that relays this connection and confirms the validity of the combination of the above user ID and password, and the session with the server is established only when the second user authentication unit 14 has confirmed that the combination of user ID and password is correct. As a result, the login method described with reference to FIG. 6 is no longer possible, and appropriate access management of privileged IDs can be realized. Specifically, if the password for the connection-request destination server is wrong at the time of the second user authentication at the relay device 10, no session is established between the relay device 10 and the connection-request destination server. In other words, with the login method described with reference to FIG. 6, a login screen for logging in to the connection-request destination server is never displayed on the display of the work terminal 20.
The present invention is not limited to the embodiments described above as they are; at the implementation stage, various inventions can be formed without departing from the gist of the invention. For example, the method of confirming the validity of the user ID and password at the connection-request destination server exemplified in Step S10 of FIG. 4 is not limited to the example described above. For instance, when the connection-request destination server is built on a Windows system and a file sharing service is running over the Common Internet File System (CIFS) protocol, a command that reads the attributes of a specific file may be issued with the user ID and password for the connection-request destination server specified. If the attribute information of that file can be acquired in the response to the command issued in this way, it can be determined that the validity of the user ID and password at the connection-request destination has been confirmed.
11 ... Access management unit (an example of a reception unit and a connection relay unit)
12 ... First user authentication unit
13 ... Application management unit
14 ... Second user authentication unit (an example of a confirmation unit)
15 ... Log management unit
20 ... Work terminal (an example of a client terminal)
30 ... Network
40 ... Client environment
41 ... Financial information system (an example of a desired server)
42 ... Customer information system (an example of a desired server)
43 ... Inventory management system (an example of a desired server)
44 ... Terminal for approval
50 ... Login screen
51 ... Login window
52 ... Login destination selection menu window
Claims (5)
- A relay device that relays a connection to a desired server based on a connection request from a client terminal, comprising:
a reception unit that receives, from the client terminal, a user ID and a password for logging in to the desired server;
a connection relay unit that relays the connection to the desired server without performing, when establishing a session with the desired server, user authentication based on the user ID and password received by the reception unit; and
a confirmation unit that connects to the desired server by a process different from the connection relay process of the connection relay unit and confirms the validity of the combination of the user ID and password received by the reception unit,
wherein the connection relay unit
establishes the session with the desired server when the confirmation unit has confirmed that the combination of the user ID and password received by the reception unit is correct,
the relay device being characterized thereby.
- The relay device according to claim 1,
wherein the confirmation unit
confirms the validity of the combination of the user ID and password received by the reception unit using a predetermined protocol different from the protocol that the connection relay unit uses for communication with the desired server, or a protocol corresponding to a predetermined interface implemented by the desired server.
- The relay device according to claim 2,
wherein the predetermined interface implemented by the desired server has a service that provides predetermined information when it accepts a predetermined request accompanied by a user ID and a password to which legitimate authority has been granted at the desired server, and
the confirmation unit
transmits a predetermined request including the user ID and password received by the reception unit to the service and, when the predetermined information can be acquired from the response of the service, determines that the combination of the user ID and password received by the reception unit is correct,
the relay device being characterized thereby.
- A relay method for relaying a connection to a server that is a connection-request destination, based on a connection request from a client terminal, comprising:
a reception step of receiving, from the client terminal, a user ID and a password for logging in to the desired server;
a connection relay step of relaying the connection to the desired server without performing, when establishing a session with the desired server, user authentication based on the user ID and password received in the reception step; and
a confirmation step of connecting to the desired server by a process different from the connection relay process of the connection relay step and confirming the validity of the combination of the user ID and password received in the reception step,
wherein, in the connection relay step,
the session with the desired server is established when the confirmation step has confirmed that the combination of the user ID and password received in the reception step is correct,
the relay method being characterized thereby.
- A program for causing a computer to function as a relay device that relays a connection to a desired server based on a connection request from a client terminal, the program causing
the computer to function as:
reception means for receiving, from the client terminal, a user ID and a password for logging in to the desired server;
connection relay means for relaying the connection to the desired server without performing, when establishing a session with the desired server, user authentication based on the user ID and password received by the reception means; and
confirmation means for connecting to the server by a process different from the connection relay process of the connection relay means and confirming the validity of the combination of the user ID and password received by the reception means,
wherein the connection relay means
establishes the session with the desired server when the confirmation unit has confirmed that the combination of the user ID and password received by the reception unit is correct,
the program being characterized thereby.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2012/082159 WO2014091576A1 (ja) | 2012-12-12 | 2012-12-12 | Relay device, relay method, and program |
JP2014551784A JP6013508B2 (ja) | 2012-12-12 | 2012-12-12 | Relay device, relay method, and program |
SG11201504468WA SG11201504468WA (en) | 2012-12-12 | 2012-12-12 | Relay device, relay method, and program |
US14/651,912 US9887986B2 (en) | 2012-12-12 | 2012-12-12 | Relay device, relay method, and program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2012/082159 WO2014091576A1 (ja) | 2012-12-12 | 2012-12-12 | Relay device, relay method, and program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014091576A1 true WO2014091576A1 (ja) | 2014-06-19 |
Family
ID=50933899
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2012/082159 WO2014091576A1 (ja) | 2012-12-12 | 2012-12-12 | Relay device, relay method, and program |
Country Status (4)
Country | Link |
---|---|
US (1) | US9887986B2 (ja) |
JP (1) | JP6013508B2 (ja) |
SG (1) | SG11201504468WA (ja) |
WO (1) | WO2014091576A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019028743A (ja) * | 2017-07-31 | 2019-02-21 | Kyocera Document Solutions Inc. | Information processing system and information processing method |
JP2022510443A (ja) * | 2018-12-06 | 2022-01-26 | Phoenix Contact GmbH & Co. KG | Router with login function and access control method suitable therefor |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2851833B1 (en) | 2013-09-20 | 2017-07-12 | Open Text S.A. | Application Gateway Architecture with Multi-Level Security Policy and Rule Promulgations |
US10824756B2 (en) | 2013-09-20 | 2020-11-03 | Open Text Sa Ulc | Hosted application gateway architecture with multi-level security policy and rule promulgations |
US10171501B2 (en) * | 2013-09-20 | 2019-01-01 | Open Text Sa Ulc | System and method for remote wipe |
US11593075B2 (en) | 2015-11-03 | 2023-02-28 | Open Text Sa Ulc | Streamlined fast and efficient application building and customization systems and methods |
US10622101B1 (en) | 2016-01-06 | 2020-04-14 | United Services Automobile Association (Usaa) | Electronic medical record transfer systems and methods |
US11388037B2 (en) | 2016-02-25 | 2022-07-12 | Open Text Sa Ulc | Systems and methods for providing managed services |
CN112672352B (zh) * | 2020-12-16 | 2023-03-24 | Gree Electric Appliances Inc. of Zhuhai | Smart device network configuration method, mesh relay node, smart device and server |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012203624A (ja) * | 2011-03-25 | 2012-10-22 | Nomura Research Institute Ltd | Business information protection device, business information protection method, and program |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6324648B1 (en) * | 1999-12-14 | 2001-11-27 | Gte Service Corporation | Secure gateway having user identification and password authentication |
US6996841B2 (en) * | 2001-04-19 | 2006-02-07 | Microsoft Corporation | Negotiating secure connections through a proxy server |
JP2006148661A (ja) * | 2004-11-22 | 2006-06-08 | Toshiba Corp | Information terminal remote operation system, remote access terminal therefor, gateway server therefor, information terminal control device therefor, information terminal device, and remote operation method therefor |
US8788674B2 (en) * | 2005-01-12 | 2014-07-22 | Blue Coat Systems, Inc. | Buffering proxy for telnet access |
US7958347B1 (en) * | 2005-02-04 | 2011-06-07 | F5 Networks, Inc. | Methods and apparatus for implementing authentication |
US8849988B2 (en) * | 2008-11-25 | 2014-09-30 | Citrix Systems, Inc. | Systems and methods to monitor an access gateway |
JP5212913B2 (ja) | 2009-03-02 | 2013-06-19 | NEC Corporation | VPN connection system and VPN connection method |
US8504818B2 (en) * | 2010-04-15 | 2013-08-06 | Microsoft Corporation | Method and system for reliable protocol tunneling over HTTP |
2012
- 2012-12-12 WO PCT/JP2012/082159 patent/WO2014091576A1/ja active Application Filing
- 2012-12-12 JP JP2014551784A patent/JP6013508B2/ja active Active
- 2012-12-12 US US14/651,912 patent/US9887986B2/en active Active
- 2012-12-12 SG SG11201504468WA patent/SG11201504468WA/en unknown
Also Published As
Publication number | Publication date |
---|---|
US9887986B2 (en) | 2018-02-06 |
JP6013508B2 (ja) | 2016-10-25 |
US20150326557A1 (en) | 2015-11-12 |
JPWO2014091576A1 (ja) | 2017-01-05 |
SG11201504468WA (en) | 2015-07-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6013508B2 (ja) | Relay device, relay method, and program | |
US10938800B2 (en) | System and method for secure access of a remote system | |
JP6656157B2 (ja) | Network connection automation | |
US8589489B2 (en) | Method and system for providing secure remote access and control | |
CN106411857B (zh) | Private cloud GIS service access control method based on a virtual isolation mechanism | |
US20140020062A1 (en) | Techniques for protecting mobile applications | |
JP5382819B2 (ja) | Network management system and server | |
US8856881B2 (en) | Method and system for access control by using an advanced command interface server | |
US10229262B2 (en) | Systems, methods, and apparatuses for credential handling | |
US9712536B2 (en) | Access control device, access control method, and program | |
CN102045337A (zh) | Apparatus and method for managing network resources | |
JP2008508797A (ja) | System and method for reliable network connectivity | |
WO2023029138A1 (zh) | Login method, electronic device and computer-readable storage medium | |
CN110798310A (zh) | Delegation to IoT hub components using a permissioned blockchain | |
RU2415466C1 (ru) | Method for controlling identification of users of information resources of a heterogeneous computing network | |
US10447818B2 (en) | Methods, remote access systems, client computing devices, and server devices for use in remote access systems | |
US20140052827A1 (en) | Relay communication system | |
WO2024006135A1 (en) | Quorum-based authorization to secure sensitive cloud assets | |
KR102576357B1 (ko) | Zero trust security authentication system | |
WO2014079489A1 (en) | Methods and systems for managing access to a location indicated by a link in a remote access system | |
JP6537019B2 (ja) | Relay device and relay communication system | |
JP2012053527A (ja) | Remote access system, server computer, remote access method and program | |
JP6696373B2 (ja) | Management device and shared network system | |
US20160308867A1 (en) | Method and system for secure remote access and control using shared resources | |
JP2008217588A (ja) | Remote control system | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12889819; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2014551784; Country of ref document: JP; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 14651912; Country of ref document: US |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 12889819; Country of ref document: EP; Kind code of ref document: A1 |