JP2015153139A - Rule table generating apparatus, generating method, and generating program - Google Patents

Abstract

A rule table generation device, a generation method, and a generation program capable of efficiently generating a rule table are provided.
A rule table generation apparatus according to the present invention includes an input unit that receives input of business process information and access information accessed in each task of the business process, based on the workflow, and the business process information adjacent to each other. An adjacency matrix generating unit 30 for converting into a matrix; an adjacency matrix bundle structuring unit 20 for forming an adjacency matrix table by bundling an adjacency matrix; and each of adjacency matrix tables corresponding to each task based on business process information Correspondence table creation unit 40 that creates a correspondence table related to the correspondence relationship between nodes and access information, correspondence table bundle structuring unit 25 that creates a correspondence table by bundling the correspondence table, and correspondence to adjacent matrix table A rule table generation unit 170 that calculates the access right of each node based on the table.
[Selection] Figure 2

Description

  The present invention relates to a rule table generation device, a generation method, and a generation program for efficiently generating a rule table for managing access rights to information.

  An access control technique for preventing unauthorized access to information is an indispensable technique for preventing information leakage and unauthorized use. Conventionally, access control to information has been performed by setting an access right for the authority of the user who refers to the information or the post of the user (see Non-Patent Document 1). A conventional access control technique for setting an access right for each user will be described below.

  FIG. 13 is a diagram showing a configuration of a conventional access control apparatus that sets an access right for each user. The access control apparatus 1000 includes an input unit 1001, an output unit 1002, an authentication unit 1003, business processing units 1004-1, 1004-2,... 1004-N, an access authority check unit 1005, and an information search unit 1006. And a business authority table T1001, an access authority table T1002, and an information table T1003.

  The input unit 1001 performs input to the access control apparatus 1000 from the outside. The output unit 1002 outputs the processing result in the access control apparatus 1000 from the access control apparatus 1000 to the outside. The authentication unit 1003 checks the business execution authority in the business authority table T1001 based on the user ID.

The business authority table T1001 is a table that associates business IDs that can be implemented for each user ID. Table 1 shows an example of the business authority table T1001.

  The business processing units 1004-1, 1004-2,... 1004-N (hereinafter referred to as business processing unit 1004 unless otherwise distinguished) are divided for each business to be executed, and instructions from the input unit 1001 Execute business according to Each of the business processing units 1004-1, 1004-2,... 1004-N executes a business using information to which an information type code is assigned.

  The access authority check unit 1005 checks the access authority to the information type code to be searched based on the user ID in the access authority table T1002.

The access authority table T1002 is a table that associates accessible information type codes for each user ID. Table 2 shows an example of the access authority table T1002.

  The information search unit 1006 searches the information table T1003 for information after the validity of the access right is confirmed.

The information table T1003 includes a personal code for identifying an individual, an information type code indicating the type of information, and an information entity. Table 3 shows an example of the information table T1003. The information search unit 1006 searches the information table T1003 with the personal code and the information type code, and acquires an information entity.

  The processing procedure of the conventional access control apparatus will be described with reference to FIG. First, the input unit 1001 inputs the user ID, business ID, and personal code of the user who uses the access control apparatus 1000, and sends them to the authentication unit 1003. The authentication unit 1003 searches the business authority table T1001 using the user ID and business ID input by the input unit 1001. If there is a matching record, the business process of the business ID corresponding to the user ID and personal code is performed. Part 1004. If there is no matching record, an error signal is sent to the output unit 1002.

  Next, the business processing unit 1004 of the corresponding business ID receives the user ID and personal code from the authentication unit 1003 and executes the business processing. When using information with an information type code in business processing, the user ID, personal code, and information type code are sent to the access authority check unit 1005. The access authority check unit 1005 searches the access authority table T1002 using the acquired user ID and information type code. If there is no matching record, an error signal is sent to the job processing unit 1004. If there is a matching record, the personal code and the information type code are sent to the information search unit 1006.

  The information search unit 1006 searches the information table T1003 with the personal code and the information type code, acquires an information entity, and sends it to the business processing unit 1004. The business processing unit 1004 sends an error signal to the output unit 1002 when an error signal is returned from the access authority check unit 1005, and continues the business processing when an information entity is obtained from the information search unit 1006. . When the business process is completed, the processing result is sent to the output unit 1002. Finally, the output unit 1002 outputs the obtained business process result to the outside.

  In the conventional access control apparatus described above, the job authority table T1001 and the access authority table T1002 are provided with title information items, the job title information is input by the input unit 1001, and the job ID to be executed using the job title information by the authentication unit 1003. The access authority check unit 1005 checks the information type code using the post information, thereby enabling the access right to be checked by the post.

[Online], access control matrix, [October 11, 2012 search], Internet <URL: http://www.jpo.go.jp/shiryou/s_sonota/hyoujun_gijutsu/info_sec_tech/c-2-1.html >

  In the case of a conventional access control apparatus, access rights are set for the user who refers to the information or the post of the user, etc., so that access is possible according to the intention of the user having the access right. For this reason, unauthorized access is possible, for example, because a person with access rights has malicious intent. For example, in the public sector, the user first registers information in the application work, and processing is performed after confirmation by a public institution staff. However, in the conventional access right setting method, the access right is set for the staff. , I was able to access user information at times other than application work. Regarding access to information, rules (regulations, laws, etc.) have been established in advance, and there has been a demand for a mechanism that enables access to information only in accordance with these rules.

  In addition, when the table that defines the access right of information is set by a personal method, several problems arise, resulting in poor efficiency. Specifically, if such a table is set by manually extracting and setting access right definitions, technical understanding is required, and today's huge system In design, since the number of tasks included in the work is very large, the work required for setting a table is increasing. For this reason, the ratio of the cost occupied by the table setting work out of the total system development cost is not small. In addition, such a table setting has a risk that a malfunction such as a bug or a security hole occurs due to a human error.

  Accordingly, an object of the present invention made in view of such a point is to provide a rule table generation device, a generation method, and a generation method capable of efficiently generating a rule table capable of restricting access to information other than the purpose to be accessed. To provide a generation program.

  In order to solve the above-described problems, the rule table generation device according to the present invention is based on a workflow, an input unit that receives input of business process information and access information accessed in each task of the business process, Based on the information on the business process, an adjacency matrix generation unit that converts business process information into an adjacency matrix, an adjacency matrix bundle structuring unit that forms an adjacency matrix table by bundling the adjacency matrix, Correspondence table creation unit that creates a correspondence table related to the correspondence relationship between each node of the corresponding adjacency matrix table and the access information, and correspondence table bundle structure that creates a correspondence table table by bundling the correspondence table And a rule table generation unit that calculates an access right of each node based on the adjacency matrix table and the correspondence table table. That.

  The present invention can also be realized as a method and program substantially corresponding to the rule table generating device described above, and it should be understood that these are also included in the scope of the present invention.

  For example, the rule table generation method according to the present invention is a rule table generation method in a rule table generation device, and inputs business process information and access information accessed in each task of the business process based on a workflow. Accepting, converting the business process information into an adjacency matrix, creating an adjacency matrix table by bundling the adjacency matrix, and based on the business process information, the task corresponding to each task Creating a correspondence table related to the correspondence between each node of the adjacency matrix table and the access information; creating a correspondence table by bundling the correspondence table; and the adjacency matrix table and the correspondence table Calculating the access right of each node based on the table; Including.

  Further, the rule table generation program according to the present invention includes a step of accepting input of business process information and access information accessed in each task of the business process based on a workflow to the computer, and the business process information. Converting to an adjacency matrix; creating an adjacency matrix table by bundling the adjacency matrix; and each node of the adjacency matrix table corresponding to each task based on the information of the business process; and the access Based on the step of creating a correspondence table related to the correspondence relationship with the information, the step of creating the correspondence table by bundling the correspondence table, the adjacency matrix table and the correspondence table table, And calculating an access right.

  According to the rule table generation device, generation method, and generation program according to the present invention configured as described above, a rule table can be efficiently generated by inputting business process information.

  Further, since the rule table is automatically created, the cost required for generating the rule table can be reduced. Furthermore, it is possible to reduce the risk of occurrence of problems such as bugs or security holes due to human errors.

It is a figure which shows the structure of the access control apparatus in which the rule table production | generation apparatus which concerns on one Embodiment of this invention is used. It is a schematic block diagram of the rule table production | generation apparatus which concerns on one Embodiment of this invention. It is a figure which shows the example of the workflow used in order to produce | generate a rule table by the rule table production | generation apparatus which concerns on one Embodiment of this invention. It is a figure which shows the example of an adjacency matrix. It is a figure which shows the example of a correspondence table. It is a figure which shows the example of a flag management table. It is a figure which shows the example of a rule table matrix. It is a flowchart which shows the example of the production | generation procedure of the rule table matrix in a rule table production | generation part. It is a figure which shows the example of the transition of the flag management table accompanying the production | generation of a rule table matrix. It is a figure which shows a part of example of a transition of a rule table matrix. It is a flowchart which shows the example of the search method of the next node in a next node search part. It is a flowchart which shows the example of the search method of the return node in a return node search part. It is a figure which shows the structure of the conventional access control apparatus.

  Embodiments of the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram illustrating a configuration of an access control device in which a rule table generation device according to an embodiment of the present invention is used. 1 includes an input unit 101, an output unit 102, an authentication unit 103, business processing units 104-1, 104-2,... 104-N, a rule information search unit 105, The information search unit 106 includes a work authority table T101, a rule table T160, and an information table T103. The rule information search unit 105 and the information search unit 106 constitute an information management unit that manages information and business in association with each other, checks access rights, and provides information. Further, the access control device 1100 is connected to the rule table generation device 200 in the rule table T160. In the present embodiment, the rule table generation device 200 is described as an independent device different from the access control device 1100 as illustrated in FIG. 1, but the rule table generation device 200 is included in the access control device 1100. May be included.

  The input unit 101 performs input to the access control apparatus 1100 from the outside. The output unit 102 outputs the processing result in the access control apparatus 1100 and the like from the access control apparatus 1100 to the outside. The authentication unit 103 checks the business execution authority in the business authority table T101 based on the user ID.

The business authority table T101 is a table that associates business IDs that can be implemented for each user ID. Table 4 shows an example of the business authority table T101.

  The business processing units 104-1, 104-2,... 104-N (hereinafter referred to as the business processing unit 104 unless otherwise specified) are divided for each business to be executed, and instructions from the input unit 101 Execute business according to Each of the business processing units 104-1, 104-2,... 104-N executes a business using information to which an information type code is assigned. The business processing unit 104 performs business using various information such as name and address. The information type code is a code assigned to the type of information such as name and address used for this business. is there. For example, name: 10, address: 20, occupation: 30, annual income: 40, permanent address: 50, and the like.

  The rule information search unit 105 checks the access right to the information type code to be searched based on the business ID in the rule table T160.

The rule table T160 is a table that associates (associates) an accessible information type code with each business ID. Table 5 shows an example of the rule table T160. For example, the rule table T160 describes and manages an access range to information defined by rules (regulations, laws and regulations). The rule table T160 is generated by the rule table generation device 200. A detailed generation method of the rule table T160 will be described later.

  After the validity of the access right is confirmed, the information search unit 106 searches for information from the information table T103.

The information table T103 includes an individual code for identifying an individual, an information type code indicating the type of information, and an information entity. Table 6 shows an example of the information table T103. The information search unit 106 searches with the personal code and the information type code, and acquires the information entity.

  Next, a processing procedure in the access control apparatus 1100 will be described with reference to FIG.

  First, the input unit 101 inputs the user ID, business ID, and personal code of the user who uses the access control apparatus 1100, and sends (sends) to the authentication unit 103. The authentication unit 103 searches the business authority table T101 using the user ID and business ID input by the input unit 101, and if there is a matching record, the business processing unit of the business ID corresponding to the business ID and personal code. 104. If there is no matching record, an error signal is sent to the output unit 102.

  Next, the business processing unit 104 of the corresponding business ID receives the business ID and personal code from the authentication unit 103 and executes the business processing. When information is required in business processing, the information type code, business ID, and personal code given to the information are sent to the rule information search unit 105. The rule information search unit 105 searches the rule table T160 with the acquired business ID and information type code. If there is no matching record, an error signal is returned to the job processing unit 104. If there is a matching record, the personal code and the information type code are sent to the information search unit 106.

  The information search unit 106 searches the information table T103 with the personal code and the information type code, acquires an information entity, and sends it to the business processing unit 1104. The business processing unit 104 sends an error signal to the output unit 102 when an error signal is returned from the rule information search unit 105, and continues the business process when an information entity is obtained from the information search unit 106. . When the business process is completed, the processing result is sent to the output unit 102. Finally, the output unit 102 outputs the obtained business process result to the outside.

  When the business processing unit 104 lacks a plurality of pieces of information (when a plurality of pieces of information with information type codes are used), the information processing request to the rule information search unit 105 is executed a plurality of times. .

  Further, the access control device 1100 uses a remote procedure call or the like, so that a terminal device including an input unit 101, an output unit 102, an authentication unit 103, a business processing unit 104, a business authority table T101, and a rule information search unit 105, an information search unit 106, a rule table T160, and an information table T103.

  FIG. 2 is a schematic block diagram of the rule table generation device 200 according to an embodiment of the present invention. As shown in FIG. 2, the rule table generation device 200 includes an input unit 10, an adjacent matrix bundle structuring unit 20, a correspondence table bundle structuring unit 25, an adjacent matrix generation unit 30, and a correspondence table creation unit 40. , An adjacency matrix table T130, a correspondence table table T140, a flag management table T150, and a rule table generation unit 170. The rule table generation device 200 is connected to the rule table T160 in the rule table management unit 70 of the rule table generation unit 170.

  In the rule table generating apparatus 200, the input unit 10 receives input of business process information and access information accessed in each task of the business process. The adjacency matrix generation unit 30 and the adjacency matrix bundle structuring unit 20 create an adjacency matrix table T130 based on the input business process information. Also, the correspondence table creation unit 40 and the correspondence table bundle structuring unit 25 create a correspondence table T140 based on the input access information. Then, the rule table generation unit 170 calculates the access right of each node based on the adjacency matrix table T130 and the correspondence table table T140.

  FIG. 3 is a diagram illustrating an example of a workflow used for generating the rule table T160 by the rule table generation device 200 according to an embodiment of the present invention. In this specification, a method for setting the rule table T160 of the business process represented by the workflow of FIG. 3 will be described. However, the workflow to be generated by the rule table T160 is not limited to that shown in FIG.

In FIG. 3, f ₁ to f ₇ indicate tasks, and arrows connecting the tasks indicate the order of business processes. Referring to the workflow of FIG. 3, this task is performed by one of three processes. The three processes are processes that sequentially perform tasks of f ₁ , f ₂ , f ₃ , f _5, and f ₇ , processes that sequentially perform tasks of f ₁ , f ₂ , f ₃ , f _6, and f ₇ , or f _This is a process of sequentially performing tasks ₁ , f ₂ , f ₄ and f ₇ . In addition, the access information accessed in the tasks f ₁ to f ₇ is S ₁ to S ₇ , respectively. Hereinafter, a method in which the rule table generation device 200 generates the rule table T160 based on the business process represented by the workflow illustrated in FIG. 3 and the access information in each task will be described. In this specification, the access right refers to the right to access predetermined information in each task of a business process. The access right information is information related to the right to access in each task of the business process. The rule is a rule for determining whether information can be browsed under a predetermined condition based on the access right.

Refer to FIG. 2 again. Based on the workflow, the input unit 10 receives input of business process information and access information accessed in each task of the business process. The business process information is input, for example, as a directed graph in which the workflow is described by BPMN (Business Process Modeling Notation). In the directed graph, workflow tasks are represented as nodes, and the execution order of each task is represented as an edge. As access information, access information associated with each of the tasks f ₁ to f ₇ is input. In this specification, the access information is represented as S as a symbol indicating the access information. That is, access information S ₁ to S ₇ is associated with each task f ₁ to f ₇ , respectively.

The adjacency matrix generation unit 30 converts the business process information input from the input unit 10 into an adjacency matrix. Here, the adjacency matrix represents the transition of the input directed graph. FIG. 4 is a diagram illustrating an example of an adjacency matrix, and FIG. 4A is a diagram illustrating an adjacency matrix obtained as a result of converting the workflow illustrated in FIG. 3. In the adjacency matrix, the vertical axis and the horizontal axis are the nodes f ₁ to f ₇ . In an adjacency matrix, an element with bit “1” set indicates that there is a transition from a node in the element row to a node in the element column, and an element set with bit “0” Indicates that there is no transition from an element row node to the element column node. For example, referring to row node f ₁ in FIG. 4 (a), and is set if bit "1" in the column of the node f _2, this indicates that the transition from the node f ₁ to the node f _2. Further, in the row of the node f ₁ , since the bit “0” is set in the columns other than the column of the node f ₂ , it indicates that no transition is made from the node f ₁ . Similarly, referring to rows of node f _2, the node f ₃ and node f bit "1" in the _fourth column erected, because in the other columns of which is set if the bit "0", the node f ₂ Is understood to transition to node f ₃ or node f ₄ and not to other nodes.

The adjacency matrix bundle structuring unit 20 forms an adjacency matrix generated by the adjacency matrix generation unit 30 into a bundle structure. A bundle structure is a structure having only a virtual beginning and end. Specifically, the adjacency matrix bundle structuring unit 20 adds a virtual start node f ₀ and a virtual end node f _end to the adjacency matrix generated by the adjacency matrix generation unit 30. FIG. 4B is an adjacency matrix table T130 in which the adjacency matrix of FIG. As shown in FIG. 4B, a node f ₀ and a node f _end are added to the adjacency matrix.

The correspondence table creation unit 40 creates a correspondence table related to the correspondence between each task represented as a node and access information based on the business process information input from the input unit 10. Specifically, the correspondence table creation unit 40 creates a table associating each node with access information as a correspondence table. FIG. 5 is a diagram showing an example of a correspondence table, and FIG. 5A is a diagram showing an example of a correspondence table created by the correspondence table creation unit 40 based on the workflow shown in FIG. Referring to FIG. 5 (a), for example in node _{f 1} is information _{S 1} is associated. Similarly, the _{f 7} from the node _{f 2, S 7} are associated with the respective information _{S 2.}

The correspondence table bundle structuring unit 25 forms a bundle structure for the correspondence table created by the correspondence table creation unit 40. Specifically, the correspondence table bundle structuring unit 25 corresponds to the node f ₀ and the node f _end added in the adjacent matrix bundle structuring unit 20, respectively, and a virtual start node f ₀ and an end node f. _end is added to the correspondence table. FIG. 5B is a correspondence table T140 in which the correspondence table of FIG. As shown in FIG. 5B, a node f ₀ and a node f _end are added. Here, since the node f ₀ and the node f _end are virtual nodes, there is no information accessed in the node f ₀ and the node f _end . Therefore, “0” indicating an empty set is associated with the node f ₀ and the node f _end .

  The adjacency matrix table T130 is an adjacency matrix (in this case, the adjacency matrix shown in FIG. 4B) that has been bundled by the adjacency matrix bundle structuring unit 20. The adjacency matrix table T130 is used when generating the rule table T160.

  The correspondence table T140 is a correspondence table (here, the correspondence table shown in FIG. 5B) that has been bundled by the correspondence table bundle structuring unit 25. The correspondence table table T140 is used when generating the rule table T160.

The flag management table T150 is a table used in creating the rule table T160, and indicates whether or not the access right of each node is calculated. FIG. 6 is a diagram illustrating an example of the flag management table T150. As shown in FIG. 6, in the flag management table T150, “0” or “1” is stored in the column indicating the flag for each node f. When “1” is stored for the node f, a flag is set, indicating that the access right has been calculated. On the other hand, when “0” is stored for the node f, it indicates that the flag is not set and the access right is not calculated. Accordingly, in the flag management table T150 shown in FIG. 6, since the flags are set for the nodes f ₀ , f ₁ , f ₂ , f ₃ and f ₅ , the access right is calculated for these nodes. Yes. On the other hand, since no flags are set for the nodes f ₄ , f ₆ , f ₇ and f _end , the access right is not calculated for these nodes.

The rule table T160 is generated based on the rule table matrix generated by the rule table generation unit 170. FIG. 7 is a diagram illustrating an example of the rule table matrix. In the rule table matrix, the vertical axis is the node f, and the horizontal axis is the access information S. In the rule table matrix, “0” or “1” is stored in each element. An element in which “0” is stored indicates that the access information S in the column of the element cannot be accessed in the node f in the row of the element, and an element in which “1” is stored in the node f in the row of the element Indicates that the access information S of the column of the element can be accessed. That is, an element storing “1” indicates an access right in each node. For example, referring to the row of the node f ₃ , “1” is stored in the columns of the access information S ₁ , S _2, and S ₃ . Accordingly, the node f ₃ can access the access information S ₁ , S ₂ and S ₃ , and cannot access the access information S ₄ , S ₅ , S ₆ and S ₇ .

  The rule table generation unit 170 includes an adjacency matrix reading unit 50, an access right calculation unit 60, a rule table management unit 70, a flag check unit 80, a flag setting unit 90, and a calculation target node specifying unit 180. The rule table generation unit 170 generates a rule table matrix by causing each functional unit to cooperate, and generates a rule table T160 based on the rule table matrix.

  The adjacency matrix reading unit 50 reads the adjacency matrix table T130.

  The access right calculation unit 60 sets the access right of the calculation target node to the access right information that has been calculated for the pre-transition node that transitions to the calculation target node, and the access information that corresponds to the calculation target node described in the correspondence table T140. It is calculated by calculating the logical sum of. Here, the calculation target node refers to a node for which an access right is calculated. The access right calculation unit 60 creates a rule table matrix by sequentially calculating calculation target nodes. A detailed example of the calculation performed by the access right calculation unit 60 will be described later.

  The rule table management unit 70 reads a rule table matrix from the rule table T160 and writes information related to the rule table matrix into the rule table T160.

  The flag check unit 80 checks whether or not a flag is set for a predetermined node in the flag management table T150.

  The flag setting unit 90 sets a flag on a predetermined node of the flag management table T150 under a predetermined condition.

  The calculation target node specifying unit 180 sequentially specifies calculation target nodes that are access right calculation targets based on the adjacency matrix table T130. The calculation target node designation unit 180 includes a next node search unit 100, a return node search unit 110, and an end determination unit 120.

  The next node search unit 100 searches for the next node based on the information acquired from the adjacency matrix reading unit 50 and the flag check unit 80. Specifically, the next node search unit 100 selects a transition destination node that transitions from the node for which the access right is calculated based on the adjacency matrix table T130, and selects a node that does not calculate the access right among the transition destination nodes. One of them is designated as a calculation target candidate node. The next node is a node related to a node that transitions from a predetermined node. The search method will be described in detail in the description of FIG.

  The return node search unit 110 searches for a return node based on the information acquired from the adjacency matrix reading unit 50 and the flag check unit 80. Specifically, the returning node search unit 110 selects the pre-transition node of the calculation target candidate node based on the adjacency matrix table T130, and calculates the access right for all of the selected pre-transition nodes. When the target candidate node is designated as the calculation target node and the access right is not calculated for any of the selected pre-transition nodes, one of the pre-transition nodes for which the access right is not calculated is calculated as a calculation target candidate Re-specify as a node. The returning node is a node related to a node that transits to a predetermined node, and an access right has not been calculated. The search method will be described in detail in the description of FIG.

The end determination unit 120 determines whether or not to end the access right calculation based on the information acquired from the flag check unit 80. Specifically, the end determining unit 120 determines to finish calculating the access right when a flag is set in the node f _{end The,} when the flag is not set to the node f _{end The,} if not end the calculation of access judge.

  Next, a rule table matrix generation procedure in the rule table generation unit 170 will be described with reference to FIG. At the time of starting generation of the rule table matrix, as shown in FIG. 9A, no flag is set in the flag management table T150, that is, “0” is stored in the flag indicating column for all the nodes f. Has been. Further, at the start of generation of the rule table matrix, “0” is stored in all the elements of the rule table matrix as shown in FIG.

First, the flag setting unit 90 sets a flag to a node _{f 0} of the flag management table T150 (Step S101). That is, the flag setting unit 90, as shown in FIG. 9 (b), stores "1" in the column indicating the flag corresponding to the node f ₀ of the flag management table T150.

Next, the rule table generation unit 170 next designates a calculation target candidate node as a calculation target node candidate. Specifically, first, the next node searching unit 100 selects the next node of the node f _h (h = 0 in this case) that sets the flag based on the information acquired from the adjacency matrix reading unit 50 and the flag check unit 80. Search is performed (step S102). FIG. 11 is a flowchart illustrating an example of a next node search method in the next node search unit 100.

Next node searching unit 100 refers to the adjacency matrix table T130 obtained from the adjacent matrix reading unit 50, it selects the node of the column standing bits in the row of the node f _h as the transition destination node (step S201). Referring to adjacency matrix table T130 shown in FIG. 4 (b), the bit is set in the row of the node f ₀ is a sequence of node f _1. Therefore, the next node search unit 100 selects the _{f 1.}

Then, the next node search unit 100 refers to the flag management table T150 acquired from the flag check unit 80, and extracts a node for which no flag is set among the selected transition destination nodes (step S202). At this stage, the node f ₁ because the flag is not set, the next node search unit 100 extracts the node f _1.

Then, the next node search unit 100 specifies an arbitrary node as a calculation target candidate nodes f _i of the extracted node (step S203). Here, since there is one extracted node, the next node search unit 100 designates the node f ₁ as the calculation target candidate node f _i . When the extracted node is a multiple, the next node search unit 100 may be, for example, specify a subscript smallest node or highest node of the node f as calculated candidate node f _i. In this specification, the following node search unit 100 will be described for example below as subscript node f designates the smallest node as a calculation target candidate nodes f _i.

Referring again to FIG. 8, after the next node search unit 100 designates the calculation target candidate node, the return node search unit 110 calculates the calculation target candidate based on the information acquired from the adjacent matrix reading unit 50 and the flag check unit 80. searching for a node _{f j's} back node _{f i} is specified as the node (step S103). Here, the return node search unit 110 searches for the return node f _j of the node f ₁ .

Then, the return node search unit 110 determines whether or not the return node f _j exists as a result of the search (step S104). When the returning node f _j does not exist (No in Step S104), the rule table generating unit 170 proceeds to Step S106. On the other hand, to return the node _{f j} exists (Yes in step S104), and returns the node searching unit 110, and the node _{f j} = node _{f i} (step S105). Then, the returning node search unit 110 further searches for the returning node f _j of the node f _i (step S103).

  Here, the process performed by the returning node search unit 110 from step S103 to step S105 will be described in more detail with reference to FIG. FIG. 12 is a flowchart illustrating an example of a return node search method in the return node search unit 110.

Back node search unit 110 refers to the adjacency matrix table T130 obtained from the adjacent matrix reading unit 50, selects the node of the line bit is set in the column of the node f _i as before the transition node (step S301). Referring now to adjacency matrix table T130 shown in FIG. 4 (b), the bit is set in the column of the node f ₁ is the sequence of the nodes f _0. Thus, return node search unit 110 selects the _{f 0.}

Subsequently, the returning node search unit 110 refers to the flag management table T150 acquired from the flag check unit 80, and determines whether or not there is a node with no flag among the selected pre-transition nodes (step). S302). Step S302 corresponds to step S104 in FIG. At this stage, since the standing flag the node f _0, it returns the node searching unit 110 determines that the flag is a node that is not standing not exist (No in step S302). When there is no node for which no flag is set, the returning node f _j does not exist (No in step S104 in FIG. 8). At this time, the rule table generation unit 170 proceeds to step S106 in FIG.

On the other hand, when the return node search unit 110 determines that there is a node with no flag set (Yes in step S302), the return node f _j exists (Yes in step S104 in FIG. 8). At this time, the returning node search unit 110 refers to the flag management table T150 and extracts a node for which no flag is set among the selected nodes (step S303).

The returning node search unit 110 then designates any of the extracted nodes as the calculation target candidate node f _j (step S304). When the extracted node is a multiple returns the node searching unit 110 may be, for example, subscript node f designates the smallest node or highest node as a calculation target candidate nodes f _j. In the present specification, the following description will be made assuming that the returning node search unit 100 determines, for example, the node with the smallest subscript of the node f as the calculation target candidate node f _j .

When the return node search unit 110 designates the calculation target candidate node f _j , the return node search unit 110 sets node f _j = node f _i (step S305). Then, return node search unit 110 returns to step S301 again, with reference to the adjacency matrix table T130 obtained from the adjacent matrix reading unit 50, selects a pre-transition nodes line bit is set in the column of the node f _i To do. Thus, the returning node search unit 110 repeats this flow until it is determined in step S302 that there is no node with no flag set. The node f _j when it is determined that there is no node with no flag set is designated as the calculation target node.

Refer to FIG. 8 again. In step S104, (No in step S104), and the access right calculator 60 when a node f _j back the node f ₁ is determined not to exist, acquires the information of the rule table matrix through the rule table management unit 70 Referring also to the correspondence table T140, the logical sum of the access right information of the pre-transition node that transits to the calculation target node f _i (here, i = 1) and the access information at the node f _i is calculated (step S106). ). Here, referring to the information in the rule table matrix, the access right information of the node f ₀ transitioning to the node f ₁ is “0 (empty set)”, and referring to the correspondence table T140 shown in FIG. 5B. The access information at node f ₁ is S ₁ . The access right calculation unit 60 calculates that the access right of the node f ₁ is the access information S ₁ by calculating these logical sums.

Based on the calculation result, the rule table management unit 70 sets a bit in the row of _{f 1} of rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the element of S ₁ in the row of f ₁ in FIG. In this way, the access right of the node f ₁ is calculated, and a rule table matrix is generated.

The flag setting unit 90 sets a flag to a node _{f 1} of the flag management table T150 (Step S108). That is, at this stage, the flag management table T150, as shown in FIG. 9 (c), a state flagged to the _{f 0} and _{f 1.}

Then, the end determination unit 120 determines whether or not a flag is set in the node f _end of the flag management table T150 (step S109). When the flag is set in the node f _end (Yes in step S109), the rule table generation unit 170 determines that the access right of all the nodes f has been calculated, and ends the flow.

When the flag is not set in the node f _end (No in Step S109), the next node search unit 100 sets the node f _i = node f _h . And the rule table production | generation part 170 repeats this flow from step S102 again. That is, here, as in FIG. 9 (c), the order flag is not set to the node _{f end The,} the next node searching unit 100 searches for a next node _{f i} of the node _{f 1.}

Next node search unit 100 selects the node _{f 2} columns bit is set in the row of the node _{f 1} adjacency matrix table T130 as a transition destination node (step S201). At this stage, referring to the flag management table T150, since the transition destination node _{f 2} flag is not set, the node _{f 2} is extracted in step S202, in step S203, the node _{f 2} is calculated candidate node _{f i} As determined.

Then, return node search unit 110 selects the pre-transition nodes _{f 1} row standing bits in the column of the node _{f 2} adjacency matrix table T130 (Step S301). Referring to flag management table T150, since the flag is set to the node f ₁ at this stage, in step S302, returns the node searching unit 110 determines that the flag does not exist nodes not stand for (step S302 No), the node _{f 2} is determined as the calculation target node.

Then, the access right calculation unit 60 calculates the logical sum of the access right information of the pre-transition node f ₁ that transitions to the calculation target node f ₂ and the access information in the node f ₂ (step S106). Here, the access right information of the node f ₁ is the access information S ₁ , and the access information in the node f ₂ is S ₂ . The access right calculation unit 60 calculates that the access right of the node f ₂ is the access information S ₁ and S ₂ by calculating the logical sum of these. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f 2} of rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements S ₁ and S ₂ in the row f ₂ in FIG. The flag setting unit 90, as shown in FIG. 9 (d), a flag to a node _{f 2} of the flag management table T150 (Step S108). Since the flag is not set to the node _{f end} at this stage (No in step S109), the node _{f 2} = node _{f i,} returns to step S102.

Referring to adjacency matrix table T130 shown in FIG. 4 (b), in the line of nodes _{f 2,} since the bit string of the nodes _{f 3} and node _{f 4} is set, the next node searching unit 100, in step S201 , Node f ₃ and node f ₄ are selected as transition destination nodes. At this stage, since neither the transition destination node f ₃ nor the transition destination node f ₄ is flagged, the node f ₃ and the node f ₄ are extracted in step S202. Then, the next node searching unit 100, at step S203, specifies the _{f 3} of the nodes _{f 3} and node _{f 4} as calculated candidate node _{f i.}

Since the return node f _j of the node f _{3 in} the adjacency matrix table T130 does not exist (No in step S104), the node f ₃ is determined as the calculation target node. The access right calculation unit 60 calculates a logical sum of the access right information of the pre-transition node f _{2 that} makes a transition to the calculation target node f ₃ and the access information in the node f ₃ (step S106). Here, the access right information of the node f ₂ is the access information S ₁ and S ₂ , and the access information in the node f ₃ is S ₃ . The access right calculation unit 60 calculates that the access right of the node f ₃ is the access information S ₁ , S ₂ and S ₃ by calculating the logical sum of these. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f 3} of the rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements of S ₁ , S _2, and S ₃ in the row f _{3 in} FIG. 10A. The flag setting unit 90, as shown in FIG. 9 (e), a flag to a node _{f 3} of the flag management table T150 (Step S108). Since the flag is not set to the node _{f end} at this stage (No in step S109), the node _{f 3} = node _{f i,} returns to step S102.

Referring to adjacency matrix table T130 shown in FIG. 4 (b), in the line of nodes _{f 3,} since the bit string of the nodes _{f 5} and the node _{f 6} is set, the next node searching unit 100, in step S201 , it selects the node _{f 5} and the node _{f 6} as the transition destination node. At this stage, neither the node f ₅ nor the node f ₆ is flagged, so the node f ₅ and the node f ₆ are extracted in step S202. Then, the next node searching unit 100, at step S203, specifies the _{f 5} of the nodes _{f 5} and the node _{f 6} as calculated candidate node _{f i.}

Since the return node f _j of the node f _{5 in} the adjacency matrix table T130 does not exist (No in step S104), the node f ₅ is determined as the calculation target node. The access right calculation unit 60 calculates the logical sum of the access right information of the pre-transition node f ₃ that transitions to the calculation target node f ₅ and the access information in the node f ₅ (step S106). Here, the access right information of the node f ₃ is access information S ₁ , S ₂ and S ₃ , and the access information in the node f ₅ is S ₅ . The access right calculator 60 calculates that the access right of the node f ₅ is the access information S ₁ , S ₂ , S _3, and S ₅ by calculating the logical sum of these. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f 5} of the rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements of S ₁ , S ₂ , S _3, and S ₅ in the row f ₅ in FIG. At this point, the rule table matrix is in a state where bits are set in the elements of the rows of the nodes f ₁ , f ₂ , f _3, and f ₅ as shown in FIG. The flag setting unit 90, as shown in FIG. 9 (f), a flag to a node _{f 5} of the flag management table T150 (Step S108). Since the flag is not set to the node _{f end} at this stage (No in step S109), the node _{f 5} = node _{f i,} returns to step S102.

Next node search unit 100 selects the node _{f 7} columns bit is set in the row of the node _{f 5} adjacency matrix table T130 as a transition destination node (step S201). At this stage, referring to the flag management table T150, since the node _{f 7} flag is not set, the node _{f 7} is extracted in step S202, in step S203, specifies the node _{f 7} is a calculation target candidate nodes _{f i} Is done.

Next, the returning node search unit 110 selects the nodes f ₄ , f _5, and f ₆ in the row where the bit is set in the column of the node f _{7 in} the adjacency matrix table T130 (step S301). Referring to flag management table T150, since the flag is not set to the node f ₄ and f ₆ at this stage, in step S302, returns the node searching unit 110 determines that the flag is set to not pre-transition node exists (Yes in step S302). Then, the node search unit 110 back extracts the node _{f 4} and the node _{f 6} (step S303), re-specify _{f 4} as calculated candidate node _{f i} (step S304). Then, the node _{f 4} = Node _{f i} (step S305).

Returning to step S301 again, it returns node search unit 110 selects the node _f node _{f 2} rows bit is set in the column of the ₄ adjacent matrix table T130 as before the transition node (step S301). Since standing flag to the node _{f 2,} the node search unit 110 returns, in step S302, returns the node searching unit 110 determines that the node flag is not set does not exist (No in step S302), the node f ₄ is determined as a calculation target node.

Then, the access right calculation unit 60 calculates a logical sum of the access right information of the pre-transition node f _{2 that} makes a transition to the calculation target node f ₄ and the access information in the node f ₄ (step S106). Here, the access right information of the node f ₂ is the access information S ₁ and S ₂ , and the access information in the node f ₄ is S ₄ . The access right calculation unit 60 calculates that the access right of the node f ₄ is the access information S ₁ , S ₂ and S ₄ by calculating these logical sums. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f 4} of rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements S ₁ , S _2, and S ₄ in the row f _{4 in} FIG. 10B. The flag setting unit 90, as shown in FIG. 9 (g), a flag to a node _{f 4} of the flag management table T150 (Step S108). Since the flag is not set to the node _{f end} at this stage (No in step S109), the node _{f 4} = node _{f i,} returns to step S102.

Next node search unit 100 selects the node _{f 7} columns bit is set in the row of the node _{f 4} adjacency matrix table T130 as a transition destination node (step S201). At this stage, referring to the flag management table T150, since the node _{f 7} flag is not set, the node _{f 7} is extracted in step S202, in step S203, specifies the node _{f 7} is a calculation target candidate nodes _{f i} Is done.

Next, the returning node search unit 110 selects the nodes f ₄ , f _5, and f ₆ in the row where the bit is set in the column of the node f _{7 in} the adjacency matrix table T130 (step S301). Referring to flag management table T150, since the flag in the node f ₆ at this stage has not been set, in step S302, it returns the node searching unit 110, the flag is judged to stand not pre-transition node exists (step S302 Yes). Then, return node searching unit 110 extracts the node _{f 6} (step S303), re-specify _{f 6} as calculated candidate node _{f i} (step S304). Then, the node _{f 6} = node _{f i} (step S305).

Returning to step S301 again, returns node search unit 110 selects the node _{f 3} rows bits in sequence of the nodes _{f 6} adjacency matrix table T130 is set (step S301). Since the flag is set to the node f _3, the node search unit 110 returns, in step S302, returns the node searching unit 110 determines that flag is not pre-transition node does not exist standing (No in Step S302) , the node f ₆ is determined as the calculation target node.

Then, the access right calculation unit 60 calculates a logical sum of the access right information of the pre-transition node f ₃ that transits to the calculation target node f ₆ and the access information in the node f ₆ (step S106). Here, the access right information of the node f ₃ is access information S ₁ , S ₂ and S ₃ , and the access information in the node f ₆ is S ₆ . The access right calculation unit 60 calculates that the access right of the node f ₆ is the access information S ₁ , S ₂ , S ₃ and S ₆ by calculating these logical sums. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f 6} of rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements of S ₁ , S ₂ , S _3, and S ₆ in the row f _{6 in} FIG. 10B. The flag setting unit 90, as shown in FIG. 9 (h), a flag to a node _{f 6} of the flag management table T150 (Step S108). Since the flag is not set to the node _{f end} at this stage (No in step S109), the node _{f 6} = node _{f i,} returns to step S102.

Next node search unit 100 selects the node _{f 7} columns bit is set in the row of the node _{f 6} adjacency matrix table T130 (Step S201). At this stage, referring to the flag management table T150, since the node _{f 7} flag is not set, the node _{f 7} is extracted in step S202, determination in step S203, the node _{f 7} is a calculation target candidate nodes _{f i} Is done.

Next, the returning node search unit 110 selects the nodes f ₄ , f _5, and f ₆ in the row where the bit is set in the column of the node f _{7 in} the adjacency matrix table T130 (step S301). Referring to the flag management table T150, the nodes f ₄ , f ₅ and f ₆ are all flagged at this stage. Therefore, in step S302, the returning node search unit 110 returns the pre-transition node where the flag is not set. there is determined not to exist (no in step S302), the node _{f 7} is determined as the calculation target node.

Then, the access right calculation unit 60 calculates the logical sum of the access right information of the pre-transition nodes f ₄ , f ₅ and f ₆ that transit to the calculation target node f ₇ and the access information at the node f ₇ (step S106). ). Here, the access right information of the node f ₄ is the access information S ₁ , S ₂ and S ₄ , the access right information of the node f ₅ is the access information S ₁ , S ₂ , S ₃ and S ₅ , and the node f The access right information ₆ is access information S ₁ , S ₂ , S ₃ and S ₆ . Further, the access information at node _{f 7} is _{S 7.} The access right calculation unit 60 calculates that the access right of the node f ₇ is the access information S ₁ to S ₇ by calculating these logical sums. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f 7} rules table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements S ₁ to S ₇ in the row f _{7 in} FIG. 10B. The flag setting unit 90, as shown in FIG. 9 (i), a flag to a node _{f 7} of flag management table T150 (Step S108). Since the flag is not set to the node _{f end} at this stage (No in step S109), the node _{f 7} = node _{f i,} returns to step S102.

The next node search unit 100 selects the node f _end of the column in which the bit is set in the row of the node f ₇ of the adjacency matrix table T130 (step S201). At this stage, referring to the flag management table T150, since the node _{f end} flag is not set, the node _{f end} is extracted in step S202, designated in step S203, the node _{f end} is calculated candidate node _{f i} Is done.

Then, return node search unit 110 selects the node _{f 7} rows bit is set in the column of the node _{f end} of the adjacency matrix table T130 (Step S301). Referring to flag management table T150, since the flag is set to the node f ₇ at this stage, in step S302, it returns the node searching unit 110 determines that flag is not pre-transition node does not exist standing (step No in S302), the node f _end is determined as the calculation target node.

Then, the access right calculation unit 60 calculates the logical sum of the access right information of the pre-transition node f ₇ that transitions to the calculation target node f _end and the access information in the node f ₇ (step S106). Here, the access right information of the node f ₇ is the access information S ₁ to S ₇ . The access information at the node f _end is “0 (empty set)”. The access right calculation unit 60 calculates that the access right of the node f _end is the access information S ₁ to S ₇ by calculating the logical sum of these. Then, based on the calculation result, the rule table management unit 70 sets a bit in the row of the _{f end} rule table matrix rule table T 160 (step S107). Specifically, “1” is stored in the elements from S ₁ to S ₇ in the f _end row of FIG. 10B. In this way, the rule table matrix is in a state where bits are set for all the nodes f as shown in FIG. Then, as illustrated in FIG. 9J, the flag setting unit 90 sets a flag on the node f _end of the flag management table T150 (step S108). Accordingly, in step S109, the end determination unit 120 determines that the flag is set in the node f _end (Yes in step S109). And the rule table production | generation part 170 complete | finishes the flow of FIG. Then, the rule table generation unit 170 generates a rule table T160 based on the generated rule table matrix.

  In this way, the rule table generation device 200 generates the rule table T160. The program for generating the rule table T160 in this way is stored in a storage unit (not shown) or an external storage medium in the rule table generation device 200, for example.

  When the user wants to browse information, the access control apparatus 1100 refers to the rule table T160 generated as described above, and determines whether or not the user has access rights to the information that the user wants to browse. Can be determined.

  As described above, the rule table generation device 200 can automatically generate the rule table T160 based on the input of business process information. Therefore, the cost required for generating the rule table can be reduced. Furthermore, it is possible to reduce the risk of occurrence of problems such as bugs or security holes due to human errors. Thus, according to the present invention, a rule table can be generated efficiently.

  Although the above embodiments have been described as representative examples, it will be apparent to those skilled in the art that many changes and substitutions can be made within the spirit and scope of the invention. Therefore, the present invention should not be construed as being limited by the above-described embodiments, and various modifications and changes can be made without departing from the scope of the claims.

  For example, the functions included in each component, each step, etc. can be rearranged so that there is no logical contradiction, and multiple components, steps, etc. can be combined or divided into one It is.

In the above-described embodiment, the access information is represented as a symbol S. The access information S includes attributes such as an information provider (information provider code) of access information and information content (information type code). It is natural to have. Each node described as a symbol f can also be expressed by a business type (business ID). By using these codes and IDs, the rule table T160 can be created as a table as shown in Table 7.

  In Table 7, the rule ID is a unique ID set for each rule related to the access right. In addition, the business ID is an ID indicating each node f, the information provider code is a unique code associated with the information provider, and the information type code is unique for each information content. This is the code. Referring to Table 7, for example, in the rule having the ID “R0001”, in the node having the business ID “G0110”, the code “40” provided by the information provider corresponding to the code “25” is used. This indicates that the user has an access right to view corresponding information.

10 Input unit 20 Adjacent matrix bundle structuring unit 25 Corresponding table bundle structuring unit 30 Adjacent matrix generating unit 40 Corresponding table creating unit 50 Adjacent matrix reading unit 60 Access right calculating unit 70 Rule table managing unit 80 Flag checking unit 90 Flag setting unit 100 next node search unit 110 return node search unit 120 end determination unit 170 rule table generation unit 180 calculation target node designation unit 200 rule table generation device 1000, 1100 access control device 101, 1001 input unit 102, 1002 output unit 103, 1003 authentication Parts 104, 1004 business processing part 105, 1005 rule information retrieval part 106, 1006 information retrieval part T101, T1001 business authority table T103, T1003 information table T130 adjacency matrix table T140 correspondence table table T150 flag management table T 160 Rule table T1002 Access authority table

Claims (5)

An input unit that receives input of business process information and access information accessed in each task of the business process based on a workflow;
An adjacency matrix generation unit that converts information of the business process into an adjacency matrix;
An adjacency matrix bundle structuring unit that forms an adjacency matrix table by bundling the adjacency matrix;
Based on the business process information, each node of the adjacency matrix table corresponding to each task, and a correspondence table creating unit that creates a correspondence table related to the access information,
A correspondence table bundle structuring unit for creating a correspondence table by bundling the correspondence table;
A rule table generation device comprising: a rule table generation unit that calculates an access right of each node based on the adjacency matrix table and the correspondence table table. The rule table generator is
Based on the adjacency matrix table, a calculation target node specifying unit that sequentially specifies calculation target nodes that are the calculation targets of the access right;
The access right of the calculation target node is ORed with the calculated access right information of the pre-transition node that transitions to the calculation target node and the access information corresponding to the calculation target node described in the correspondence table. The rule table generation device according to claim 1, further comprising: an access right calculation unit that calculates by calculating. The calculation target node designation unit
Based on the adjacency matrix table, a transition destination node that transitions from the node that has calculated the access right is selected, and one of the transition destination nodes that has not calculated the access right is selected as a calculation target candidate node A next node search unit designated as
When the pre-transition node of the calculation target candidate node is selected based on the adjacency matrix table and the access right is calculated for all of the selected pre-transition nodes, the calculation target candidate node is calculated When the access right is not calculated for any of the selected pre-transition nodes specified as a target node, one of the pre-transition nodes for which the access right is not calculated is selected as the calculation target candidate node The rule table generation device according to claim 2, further comprising: a return node search unit that is designated again. A rule table generation method in a rule table generation device,
Receiving an input of business process information and access information accessed in each task of the business process based on the workflow;
Converting the business process information into an adjacency matrix;
Creating an adjacency matrix table by bundling the adjacency matrix;
Creating a correspondence table related to the correspondence between each node of the adjacency matrix table corresponding to each task and the access information based on the information of the business process;
Creating a correspondence table by bundling the correspondence table;
A rule table generating method, comprising: calculating an access right of each node based on the adjacency matrix table and the correspondence table. On the computer,
Receiving an input of business process information and access information accessed in each task of the business process based on the workflow;
Converting the business process information into an adjacency matrix;
Creating an adjacency matrix table by bundling the adjacency matrix;
Creating a correspondence table related to the correspondence between each node of the adjacency matrix table corresponding to each task and the access information based on the information of the business process;
Creating a correspondence table by bundling the correspondence table;
A rule table generation program for executing a step of calculating an access right of each node based on the adjacency matrix and the correspondence table.

Images